Business Continuity Management E-Book

Contents

Cover

Contents

More Praise for Business Continuity Management

Title page

Copyright

Dedication

Preface

About the Web Site

Chapter 1: Business Continuity Management Plan

Crisis Management

The Value

Mapping Risks

Incident Response versus Crisis Management

Immediate Response and Impact Levels

Risk Management

Structuring Business Continuity Management Plans

Summary

Chapter 2: Incident Management Plan

Incident Management versus Crisis Response

Principles of Incident Management

Incident Management Sequence

Incident Management Plan Design and Implementation

Incident Management Plan Policies and Procedures

Resourcing the Incident Management Plan

Structuring Incident Management Plans

Summary

Chapter 3: Crisis Management Structures

Interorganizational Management

Crisis Leadership

Organizational Crisis Leadership

Approach Methodologies

Education and Training

Response Buildups

Crisis Management Structures

Composition of Crisis Response Teams

Incident Management Structures

Crisis Control Center

Monitoring Crisis Management Programs

Summary

Chapter 4: Scope of Risk

Security and Safety Awareness

Crisis Management Training

Stages of Disasters

Man-Made Risks

Natural Risks

Summary

Chapter 5: Incident Response Guidelines

Vehicle-Borne IED Incident Management

Casualty Incident Management

Missing Person Incident Management

Road Traffic Accident Incident Management Data Call

Facility Physical Security Breach Incident Management

Kidnapping and Ransom Incident Management

Media Management Incident Management

Detention and Arrest Incident Management

Hostage Situation Incident Management

Suspect Call Incident Management

Civil Unrest Incident Management

Unexploded Ordnance or Suspect Package Incident Management

Suspect Letter Incident Management

Destruction of Sensitive Materials Incident Management

Repatriation Incident Management

Domestic Terrorism or Special-Interest Groups Incident Management

Espionage Incident Management

Site Occupation or Sit-Ins Incident Management

Sabotage Incident Management

Demonstrations Incident Management

Pending Detention or Exit Denial Incident Management

Complaints Incident Management

Blackouts and Power Loss Incident Management

Loss of Sensitive or High-Value Materials Incident Management

Indirect Fire and Direct Fire Attacks Incident Management

Workplace Violence Incident Management

Chemical, Biological, or Radiological Attack Incident Management

Complex Attack Incident Management

Family Liaison Incident Management

Office, Facility, or Hotel Fires Incident Management

Threats, Coercion, and Intimidation Incident Management

Mugging or Robbery Incident Management

Small Arms Fire Incident Management

Floods and Tidal Waves Incident Management

Earthquakes Incident Management

Pandemics Incident Management

Hurricanes and Tornadoes Incident Management

Volcanoes Incident Management

Sandstorms Incident Management

Landslides Incident Management

Forest Fires and Brush Fires Incident Management

Summary

Chapter 6: Crisis Information Capture Reports

Immediate Verbal Reporting (SAD CHALETS)

Serious Incident Reporting

Incident Management Plan Risk Assessment Reports

Sample Crisis Information Capture Reports

Summary

Acknowledgments

End User License Agreement

List of Illustrations

Chapter 1: Business Continuity Management Plan

EXHIBIT 1.1 The Value of Business Continuity Management Plans

EXHIBIT 1.2 Strategic and Regional Risk Mapping

EXHIBIT 1.3 Simple Risk Tolerance Table

EXHIBIT 1.4 Stages of Incident Management and Crisis Response

EXHIBIT 1.5 Risk: Time, Space, and Impact

EXHIBIT 1.6 Immediate Response to Impact Levels

EXHIBIT 1.7 Risk Ripple Effects

EXHIBIT 1.8 Failure to Follow Trigger Points

EXHIBIT 1.9 Crisis Management: Trigger Response Matrix

EXHIBIT 1.10 Crisis Management: Simple Trigger Response Tools

EXHIBIT 1.11 Decision and Authority Matrix

EXHIBIT 1.12 Layering of Business Continuity Management Plans

EXHIBIT 1.13 Convergence within the Business Continuity Management Plan

EXHIBIT 1.14 Business Continuity Management Plan Considerations

EXHIBIT 1.15 The Risk Management Process

EXHIBIT 1.16 The Business Continuity Management Plan

EXHIBIT 1.17 Information Management: Strategic Planning

EXHIBIT 1.18 Risk Management Cycle

EXHIBIT 1.19 Project Site McKinsey Area Grid Overlay

EXHIBIT 1.20 Site Schematics

EXHIBIT 1.21 Simple Floor Plan Using PowerPoint

EXHIBIT 1.22 Simple Floor Plan Using Visio

EXHIBIT 1.23 Business Continuity Management Program Management

EXHIBIT 1.24 Information Management Flows

EXHIBIT 1.25 Crisis Communications Plan

EXHIBIT 1.26 Information Cascade System

EXHIBIT 1.27 Crisis Response: Interface Plan

EXHIBIT 1.28 Supporting Organizations for Business Continuity Management Interface Plans

EXHIBIT 1.29 Sample Preprepared Press Release

EXHIBIT 1.30 Crisis Response: Resource Management Plan

EXHIBIT 1.31 Resource Compatibility Table

EXHIBIT 1.32 Critical Materials Risk Evaluation Matrix

EXHIBIT 1.33 Crisis Response: Procurement Plan

EXHIBIT 1.34 Project Initiation Document Development Sequence

EXHIBIT 1.35 A Logical Sequence for Designing Policies and Plans

EXHIBIT 1.36 Reoccupation Planning Process

EXHIBIT 1.37 Business Recovery Planning Process

Chapter 2: Incident Management Plan

EXHIBIT 2.1 Insulating Companies Against Risk

EXHIBIT 2.2 Crisis Management Flow

EXHIBIT 2.3 Incident Management Event Sequence

EXHIBIT 2.4 Management Stages of a Crisis

EXHIBIT 2.5 Macro and Micro Crises

EXHIBIT 2.6 Corporate Risk Evaluation

EXHIBIT 2.7 Consensus-Based Risk Evaluation

EXHIBIT 2.8 Project Gantt Chart: Risk Mapping

EXHIBIT 2.9 Statistical Risk Mapping

EXHIBIT 2.10 Design and Development

EXHIBIT 2.11 Review and Testing of the Incident Management Plan

EXHIBIT 2.12 Structuring the Incident Management Plan

EXHIBIT 2.13 Incident Management Plan Immediate Resource Mapping

EXHIBIT 2.14 Incident Management Plan Communications and Tactical Resource Plan

EXHIBIT 2.15 Verbal Reporting of Incidents:

SAD CHALETS

EXHIBIT 2.16 Incident Management Plan Alert State Trigger Plan

EXHIBIT 2.17 Simple Alarm State Notifications

EXHIBIT 2.18 Incident Management Cheat Sheet

Chapter 3: Crisis Management Structures

EXHIBIT 3.1 Interorganizational Management

EXHIBIT 3.2 Crisis Data Capture Tools

EXHIBIT 3.3 Man-Made Event Data Tracking

EXHIBIT 3.4 Response Buildup

EXHIBIT 3.5 Crisis Response Organizational Structuring

EXHIBIT 3.6 Crisis and Incident Response Structures

Chapter 4: Scope of Risk

EXHIBIT 4.1 Workplace Violence Risk Mapping

EXHIBIT 4.2 Principles to Scoping Risks

EXHIBIT 4.3 Domestic Terrorist Methodologies

EXHIBIT 4.4 The Six Cs

Chapter 5: Incident Response Guidelines

EXHIBIT 5.1 Response Guidelines Principles

EXHIBIT A Explosive Hazard Table (Guidelines Only)

EXHIBIT 5.3 Sensitive Material Destruction Example

Chapter 6: Crisis Information Capture Reports

EXHIBIT 6.1 Information Flow Management

EXHIBIT 6.2 Crisis Information Capture Report Principles

Guide

Cover

Table of Contents

Begin Reading

Pages

i

ii

iii

iv

v

xv

xvi

xvii

xviii

xix

xx

xxi

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

50

49

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

69

70

68

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

309

310

311

312

313

314

315

316

317

318

319

320

321

322

323

324

325

326

327

328

329

330

331

332

333

334

335

336

337

338

339

340

341

342

343

344

345

346

347

348

349

350

351

352

353

354

355

356

357

358

359

360

361

362

More Praise for Business Continuity Management

“Can my company afford not to be prepared? Should we allow our destiny to be dependent upon luck or put in the hands of others? A company well prepared for a disaster WILL weather the storm. Mike has provided not only the substance to develop a plan that addresses all types of incidents, but the “ground zero” detail required to make it effective. You have everything here to design a plan that works–practice and communicate that plan across your company at all levels will prepare you for the next storm.”

Glenn W. McLea CPP, Corporate Security Director, Parsons Corporation

“Anyone operating in the international market place, either as a commercial or government organization, knows that you will face crisis incidents. How well you weather that storm is a reflection of how effective your policies, plans and training area. This book adds real value to the understanding of your vulnerabilities and the development of effective mitigation plans.”

Timothy Bowen Director of Global Investigations and Security, BearingPoint, Inc.

“Business Continuity Management is a rare, uniquely valuable resource, cleverly managing to be practical and comprehensive while simultaneously thought provoking and inventive. Truly terrific.”

Garett Seivold Editor, IOMA's Security Director's Report Author, Disaster Preparedness 2008: The Guide to Building Business Resilience

“Another blockbuster by Mike Blyth and a most useful companion to his earlier work Risk and Security Management Protecting People and Sites Worldwide. This is an excellent book for the security practitioner and for those who have an interest in managing risk.”

Tom Mulhall Director of Security Programmes, Loughborough University, UK

“Lots of people talk about crisis management and business continuity, but Michael Blyth's book provides real, tangible details for crisis management planning. Whether you're a security professional or a senior manager, you will find his guidance practical and – particularly should you ever need to use it – incredibly valuable.”

Joe Gleason Director of Global Security and Operations, National Democratic Institute

“This experienced and talented author has again produced a comprehensive and very useable manual on how to protect people as well as insulate companies from liability risks. This book is essential reading for anyone involved in risk management and is a crucial point of reference for any company executive who should, by now, know that managing risk in an uncertain world is a feature of our everyday existence and the basis of commercial success.”

Martin Guyll-Wiggins Senior Partner, Great Western Solicitors

“Mike Blyth presents not only a comprehensive strategy for creating an effective Incident Management Plan but has laid out the tactical components that will ensure a multi-functional approach that has the essential elements for continuity planning for any organization. This book should be required reading for experienced Business Continuity Planners as well as for new comers to the field. Mike has given us a valuable resource.”

Gerard A. McEnerney, COL, USA (Ret.) Assistant Vice President and Executive Director, St. John's University–Staten Island Campus & University Emergency Management Former U.S. Army Chief Regional Emerg. Prep. Liaison Officer–FEMA Region II

“In the context of increasingly uncertain economic times, Michael's astute emphasis on Risk Management should be particularly relevant to security executives and managers. Mapping, evaluation, and assessment of risk are exceptionally valuable tools to demonstrate the need for investment in key security programs to mitigate against the potential for catastrophic financial loss.”

Greg Hoobler Senior Global Security Analyst

“Mike has taken us all to the next stage, helping us move from 'The Risk' into 'Doing Something About It'. An easy to use book which helps all levels of personnel within International Organisations along the Business Continuity Learning curve. I look forward to working alongside Mike in the future and maybe some of his readers.”

Paul Harries Police Inspector, Central London UK

“In Business Continuity Management, Mike Blyth has delivered another encyclopedic security reference. This should be required reading for all private sector security managers, who today are confronted with adversaries ranging from transnational terrorist and criminal organizations to natural hazards. Mike has developed a do-it-yourself guide to business continuity planning based on his wealth of practical experience and decades of lessons learned.”

Ian Conway CEO, Helios Global, Inc.

Business Continuity Management

Building an Effective Incident Management Plan

Copyright © 2009 John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400, fax 978-646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services, or technical support, please contact our Customer Care Department within the United States at 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

For more information about Wiley products, visit our Web site at http://www.wiley.com.

Library of Congress Cataloging-in-Publication Data:

Blyth, Michael, 1972-     Business continuity management : building an effective incident management plan / Michael Blyth. p. cm.     Includes index.     ISBN 978-0-470-43034-7 (cloth : acid-free paper) 1. Crisis management. 2. Emergency management. 3. Business planning. I. Title.     HD49.B59 2009     658.4'77-dc22

2008048334

10 987654321

Dedicated to my wife Kristen, who is the Crisis Team Leader for our family, both at the point of every emergency event, as well as when undertaking the post incident reviews with the cause for most of our emergencies … our children Alexander, Amber, and Christopher.

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!

Lesen Sie weiter in der vollständigen Ausgabe!