About the Author

KENNETH N. MYERS is an internationally recognized contingency planning specialist and educator. He has developed business continuity strategies for leading organizations in the United States, Europe, Mexico, and Puerto Rico. Mr. Myers developed the curricula and was the course leader for contingency planning seminars for The Battelle Institute and the American Management Association and was called to consult with the largest tenant in the World Trade Center following its bombing. In this book, he presents a new contingency program paradigm reflecting the latest in contingency strategies development thinking as well as the impact of terrorism and workplace violence on business continuity needs. He is also the author of Manager's Guide to Contingency Planning for Disasters: Protecting Vital Facilities and Critical Operations and Total Contingency Planning for Disasters: Managing Risk . . . Minimizing Loss . . . Ensuring Business Continuity, both published by Wiley.

From the Back Cover

Cost-efficient business contingency and continuity planning for a post-9/11 and Katrina world

Disasters can happen. Contingency plans are necessary. But how detailed and expensive do your contingency and continuity plans really need to be?

Employing a thoroughly practical approach, Business Continuity Strategies: Protecting Against Unplanned Disasters, Third Edition provides a proven methodology for implementing a realistic and cost-efficient business contingency program. Kenneth Myers―an internationally recognized contingency planning specialist―shows corporate leaders how to prepare a logical "what if" plan that would enable an organization to retain market share, service customers, and maintain cash flow if a disaster occurs.

Completely updated throughout to reflect lessons learned from 9/11 and hurricanes Katrina and Wilma, Business Continuity Strategies, Third Edition helps cost-conscious senior management:

• Establish a corporate contingency program policy and strategy that ensures timely completion of a plan, with minimal disruption to operations
• Minimize plan development costs
• Understand the importance of conducting briefings to communicate the proper mindset before the program development process begins
• Save time and money by avoiding a consultant's traditional approach of extensive information-gathering that contributes little to the development of practical solutions, but much in the way of consultant fees

Addressing countless hypothetical disaster scenarios doesn't make good business sense. Business Continuity Strategies, Third Edition helps companies focus on what is necessary to survive a natural catastrophe, workplace violence, or a terrorist attack.

From the Inside Flap

Business leaders in today's post-9/11, post-Katrina world know very well that natural catastrophes, workplace violence, and terrorist attacks can happen. While some level of protection is prudent, trying to anticipate every possible scenario is both costly and impractical. The first step in protecting against unplanned disasters is management's endorsement of a contingency program policy and strategy that restrains development costs while providing reasonable protection for vital facilities and critical operations.

In this Third Edition of Business Continuity Strategies, Kenneth Myers one of the world's foremost innovators in the field of business contingency planning provides cost-conscious executives with a structured, time-tested blueprint to help companies develop an individualized strategic continuity program. Thoroughly updated throughout, each chapter in this new edition has been carefully revisited to reflect lessons learned from 9/11, as well as from incidents of workplace violence, and hurricanes Katrina and Wilma.

Presenting a new contingency program paradigm, this timely book urges boards of directors to take a proactive role in insisting organizations institutionalize policies aimed at preventing workplace violence. The Third Edition documents employer workplace violence liabilities, describes the three stages of conduct prior to a workplace violence incident, and recommends preventive measures and supervisory training for coping with workplace violence incidents.

Business Continuity Strategies clearly explains why many existing disaster recovery plans are inordinately detailed and costly to fund and maintain. It also presents a methodology for transitioning to a contingency program that is more cost-effective and realistic. In addition, it describes why Human Resources is the discipline best positioned to develop and administer business contingency programs.

This book presents organizations that have multiple locations with a step-by-step template for planning, developing, and administering facility and computer contingency programs consistent in purpose, scope, strategy, and level of detail. It also provides guidelines and controls to contain development costs and to ensure low-cost, interim processing strategies, consistent with the low probability of a disaster.

The new edition documents thirty recommendations by the National Institute of Standards and Technology (NIST) following an investigation of the collapse of the World Trade Center in New York City. These recommendations for improvement address increased structural integrity, enhanced fire endurance, improved fire resistance, increased fire protection, improved emergency response, and improved evacuation procedures for mobility-impaired building occupants.

Few businesses can afford to shut down for an extended period of time, regardless of the cause. If the past few years have taught us anything, it's that disaster can strike in any shape, at any time. Be prepared with Business Continuity Strategies' time-tested framework, and help your company survive the unthinkable.

Excerpt. © Reprinted by permission. All rights reserved.

Business Continuity Strategies

John Wiley & Sons

Chapter One

BUSINESS CONTINUITY CONCERNS

Common areas of exposure to a disaster for a business include:

Telephone communications

Computer processing

Vital facilities

Critical operations

Telephone Communications

Telephones are often taken for granted; they are seldom out of service except for brief periods, such as immediately following a storm. Older electromechanical telephone switching equipment was extremely reliable. However, consumer demand for more sophisticated service has resulted in a conversion from electromechanical to software-controlled switching systems. The advantage of such systems is that they are easily modified to provide more sophisticated options to customers. The downside is increased vulnerability to periodic interruptions in telephone service owing to software malfunction. Every time computer software is changed, the risk of error increases-error that may lie dormant for months until the weakness is exposed. Moreover, it is unrealistic to expect all software changes to be sufficiently tested to preclude failure. Many of the features are new, and models for testing are, by definition, incomplete. Therefore, it is appropriate to prepare a contingency program that will provide minimum voice communication capability during a stabilization period.

Computer Processing

Financial service organizations cannot operate for more than a day or two without computer processing, as they need this capability to service transactions.

Yet for many other organizations, this is not the case. Although many businesses are dependent on computers for day-to-day operations, it is incorrect to assume that they could not operate without this support during a relatively brief disaster recovery period that might last a week or two. The difficult part is focusing on the right issue-keeping the business running, rather than keeping the computer running.

Operating without Computer Processing Capability

Manufacturers can be exposed to several problems if computer processing is inoperable. However, careful analysis usually concludes that although inefficient, product still can be manufactured and shipped without normal computer processing support. Alternate interim processing strategies and prerequisites for manufacturing without normal computer support need to be negotiated with functional managers. Prerequisites, such as starting points, need to be included in the contingency program to ensure that they will be available when needed. For example, it is not that storeroom inventories cannot be updated without an on-line computer; the problem is lack of a "starting point" or, in other words, a record of what the inventory file looked like when the computer outage occurred. So if a prevention program includes daily responsibility to store off-site a duplicate copy of the storeroom inventory file, immediately following a computer disaster the file could be printed at another location and delivered to manufacturing as a snapshot of inventory locations and availability. Receipts and disbursements could easily be updated with a simple personal computer (PC) spreadsheet until normal computer processing is restored. See Exhibit 1.1 for vital manufacturing support functions.

Headquarters operations can also be exposed to problems if computer processing is suddenly inoperable. However, careful analysis again usually concludes that although inefficient, business still can continue and customers can still be serviced without normal computer processing support. It helps to look at administrative business functions and what alternatives are available to get the job done without computer processing.

Insurance providers are concerned about issues such as new business underwriting; determining "in force" for claims adjudication; beneficiary information; and exposure for coverage that would have been canceled under normal circumstances. In each of these instances, there are alternative strategies that, although inefficient and cumbersome, can be used to ensure business continuity until computer processing is restored.

Distributors need strategies for taking and processing orders that are normally entered into computer databases, identifying kitting requirements, producing picking documents, inventory management, producing shipping documentation, and handling returns. The question to be asked is not "What problems would you have?"; it is "If confronted with this situation, what would you do to maintain market share and service customers until normal operations resume?"

Associations and agencies are concerned about membership services, legislation and public policy, publications, research, education and training, call centers, and government regulations. In most instances, the overriding consideration is to seek solutions for operating temporarily without normal computer processing capability that will not require continual funding, such as a computer hot-site agreement, but would ensure continuity in servicing members, volunteers, and staff during a stabilization period.

Interim processing strategies for meeting administrative responsibilities without normal computer support need to be negotiated with department managers. The window of expected outage must be determined. For the most part, information systems managers consistently agree that they could restore computer processing capability within 10 working days (14 calendar days). So the question to be asked of department managers is not "How long can you do without ..." or "What do you need ..."; managers tend to understate and pad the first question, and in response to the second question tend to ask for more than they need. Both questions beg answers and initiate thought processes that are not conducive to cost-effective contingency programs and invite discussions and deliberations that require further documentation and maintenance expense. The only question to ask line managers in relation to doing without normal computer processing is "What alternate strategies could be used to continue functioning for approximately ten days without computer processing capability?" When that question is asked, 99 percent of the responses are positive, that is, department managers are willing to accept operating at less than 100 percent efficiency and admit what could be done to meet the challenge of temporarily working without computer processing.

The simple psychology and willingness of contingency planners to "stick their necks out" and insist on establishing a reasonable limit to an expected computer outage will, in turn, have the positive effect of persuading line managers to admit how they could survive. Establishing this "window" up front is the key to a collaborative solution. But also remember that in establishing the window, information systems managers must also accept some risk and not pad their expected recovery capability. The question is not "When are they absolutely positive beyond any reasonable doubt that computer processing will be restored?"; rather, it is "Given emergency conditions, working 24 hours a day, seven days a week, with adequate resources, when is it likely that computer processing could be restored?" On-line connectivity can wait because there are other solutions available, but being able to process data is the important requirement. See Exhibit 1.2 for a list of typical administrative business functions.

Computer processing problems could be caused by a myriad of conditions. Power grids could fail due to unanticipated drops in demand (as users of questionable systems delay initializing operations, either because corrective work has not been completed or because of other concerns) which are so severe that the power companies must bring down and reconfigure power systems grids nationally. Failures of satellite communications, HVAC (heating, ventilation, air conditioning, and cooling) systems, automated processing equipment, and computer hardware or software are all possible. The broad and diversified nature of this potential problem is such that testing cannot ensure that some systems might not fail.

One-time potential problem issues have two dimensions. The first is to identify steps that need to be taken to reduce the likelihood of computer-dependent operations from being interrupted and monitoring compliance with those programs, within reason. Without careful oversight by informed senior management, this approach can wind up being a boondoggle for consulting firms-fear tactics, an inordinate amount of "analysis" and "weigh it by the pound" reports, endless meetings, and a large consulting bill.

Most important, however, is to develop a fallback plan that will ensure business continuity even if computer-dependent operations are temporarily inoperable. Experience and common sense suggest that a fallback plan is the safety net that needs to be in place, and organizations that already have a facility contingency program already have one. It just needs to be dusted off and modified slightly, and it can easily be used as a fallback plan. Conversely, if an organization does not already have a contingency program for loss of computer processing, now is the time to prepare one because it will solve both problems. Chances are that if there are failures, they will be isolated and will be corrected in a matter of days, if not hours. See Exhibit 1.3 for a fallback plan development strategy.

Vital Facilities

The loss of buildings resulting from fire and other accidents is not a new threat. Nor are there any miraculous solutions. Insurance is still the most cost-effective answer. Business failure following a disaster is normally caused by a loss of assets, such as a manufacturing facility, distribution center, or office building, or an inability to support vital business functions following a disruption in normal processing capability. An inability to support vital business functions immediately following a publicized disaster can be devastating when this information is in the hands of competitors. If orders are "lost," customer service communications lines are inoperable, or inventory availability records become unreliable, even if only for a few days, it can result in a significant loss of market share, particularly with the 20 percent of a company's customers who make up 80 percent of its revenue. Most organizations have not adequately addressed the issue of how to keep the business running if a plant or office building is inaccessible for several days. In other words, the concern is not what to do if assets are destroyed, but how to continue to operate a business if primary work locations are temporarily inaccessible or unusable.

In many production and manufacturing facilities, losing normal computer processing capability would have a serious impact on efficiency, order processing, scheduling, and tracking orders, but it would not destroy the ability to somehow manually shepherd product through the manufacturing and shipping process. Efficiency would suffer; record keeping would become a nightmare, excess inventory would have to be ordered (and worked off later) to avoid stock-outs, and production rates would drop, but product would get out the door.

Losing access to an entire production facility or one critical operation could, in many instances, bring manufacturing to a halt. Without alternate solutions to ship product until operations return to normal, business failure could result. It is this possibility and its impact on cash flow that demands that companies have contingency programs for loss of normal computer processing capability and "what if" strategies for a temporary loss of access to production facilities.

Raw material and component parts might be sent to alternate manufacturing sources; components might be purchased instead of manufactured; excess regional production capacities might be temporarily leased; "second-choice" production alternatives might be approved; inspection and quality control procedures might be changed; and some items might be shipped direct. The important issue is for manufacturing managers to take the time to "think through" which alternatives are most likely to work and which are most cost-effective. It is important that these alternate production methods or "what if" strategies be documented in writing so that: (1) their workability can be validated annually; (2) any prerequisites, such as maintaining daily backup copies of inventory status reports or files off-site to support alternate manufacturing methods, can be identified and inserted into a prevention plan; and (3) crisis management activities, such as using the most recent stock status reports as a basis for insurance claims, are added to the incident recovery plan.

Only a Computer Recovery Plan

Which comes first, the chicken or the egg? Which comes first in contingency planning? Recovering lost technology or keeping the business running? The business continuity program should come first. In fact, data processing plans to recover technology that are developed before interim processing strategies are explored normally result in an excessive amount of resources committed to redundant computer processing capability. Auditors are becoming increasingly critical of the lack of business continuity programs and are beginning to emphasize this area more than the loss of computer processing technology. After all, what good is a restored computer if users are unable to keep the business running immediately following a disaster? If you are just getting started in contingency planning, you should address the business continuity issue before you worry about redundant computer processing capability.

Current Program May Not Work

Less than 25 percent of business organizations have a workable contingency program. Some programs look good on paper-but would not work if they had to be implemented. Programs that are not viable usually have three things in common:

1. The focus is on keeping the computer running rather than on keeping the business running.

2. No one has taken the time to identify alternate procedures to support functions that normally rely on computer technology but could actually survive a stabilization period using alternate methods.

3. The program contains unnecessary detail and professes to cope with problems that are typically nonexistent.

Exhibit 1.4 lists common reasons why many contingency programs will not work.

CHARACTERISTICS OF A SOUND PROGRAM

A contingency program should be reviewed annually to ensure compatibility with business practices and to integrate lessons learned from new disasters and test results into more cost-effective solutions. Many times it is helpful to have someone other than the individual who developed the program to conduct such a review. It is difficult to be objective when reviewing your own work.

A corporate contingency program approved by senior management is a requirement. This document should emphasize that (1) providing 100 percent redundancy for all types of physical disasters is simply not practical; (2) documenting detailed alternate procedures for an infinite number of combinations of possible disasters is also not realistic and would create a "monster" to maintain; and (3) departmental managers are the architects of "what if" interim processing strategies that will serve as guidelines to ensure business continuity following a disaster.

Assumptions under which a program is developed should be stated to clarify expectations and avoid excessive documentation. Examples of assumptions include:

Qualified personnel will be available to execute the program.

Healthcare agencies and institutions will be operational.

A building evacuation plan exists.

Inefficiencies are expected during a stabilization period.

Incoming telephone calls will be rerouted within two hours.

(Continues...)

Excerpted from Business Continuity Strategiesby Kenneth N. Myers Copyright © 2006 by John Wiley & Sons, Ltd. Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.