Business Continuity Management
How to Protect Your Company from Danger
Management Briefings Executive Series


By Michael Gallagher
Financial Times / Prentice Hall
December 2002
ISBN: 0-273-66351-8
168 Pages, Illustrated
$237.50 paper original


Business continuity management (BCM) has become a hot topic in recent years and more significantly, in recent months (September 11, foot and mouth and flooding). However, BCM is not just about recovery from a disaster such one caused by fire or flood or the failure of IT systems. It can also be about the collapse of a key supplier or customer, about fraud, unethical operations and about reputation management. Recent surveys have shown that most companies still do not have business continuity plans and of those that have plans, many have never been tested or exercised. As a result, corporate governance, regulatory, insurance, audit and general business requirements are now emphasizing the importance of robust risk management and BCM practices in every organization. Today, it is vital that board members and senior executives understand the nature and scope of BCM. They need to be in a position to evaluate and enhance the status of the activity within their organizations. This briefing examines the nature of BCM and looks at its relationship with other activities such as risk management, insurance and the emergency services.

Contents Include:

1. What is business continuity management (BCM)?
The evolution of BCM
Impact of Y2K on BCM
Relationship with risk management
Relationship with the emergency services
Case study 1.1: Enron - risk management failure on a massive scale

2. Why do I need BCM?
Impact of Turnball
Impact of the Foreign Corrupt Practices Act
NASD proposals
FSA
HIPAA
Privacy
Data protection - Europe
Regulation and business continuity
Case study 2.1: Eli Lilly and Prozac.com website subscribers
Reputation
Case study 2.2: Ford/Firestone tyre recall
BCM is not just for large organizations
Are you ready?

3. But we have insurance
We have insurance
Case study 3.1: Argos - the internet "£3 TV" offer
Understand the insurance cover
Impact of September 11
Relevance to BCM

4. Good BCM - not token BCM
BCM - a simple process
Is BCM expensive?
BCM is positive and inclusive
Co-operation
People issues
Comprehensive approach
Common weaknesses in business continuity planning

5. How do I get started?
BCM working group
Business impact analysis
Use of consultants
Questions for the CIO or IT Director

6. Preparing the plan
Simplicity can be key
ABC business continuity plan
Departmental plans
CPE/FEMA business continuity plan
Crisis command and control centre
Don't do other people's plans
Vital records - non-computer
Communications and public relations
Restoration program
Features of a good plan

7. Ensuring ongoing success
Updating and auditing the plan
Exercising the plan
Training and awareness
BCM must not be an isolated function
BCM does not end
Case study 7.1: King's Cross underground fire

8. E-business and information technology - major risks
Background
Case study 8.1: Microsoft - loss of service to 10 million customers
Protecting IT
Case study 8.2: KPNQwest, on the verge of collapse, advises customers to make contingency arrangements
Information security
Top ten actions for the board
ERP systems
Case study 8.3: Hershey Foods - implications of ERP problems
The internet
Outsourcing

9. Role of the emergency services
They are the experts
National emergencies
The approach to emergency planning
The approach to a major incident
Liaison with the fire authorities
Major accident hazards

Author: Michael Gallagher is a member of the Business Continuity Institute. He is also a Fellow of the Chartered Institute of Management Accountants and of the Irish Computer Society. As Head of Management Services in RTÉ, the Irish national broadcasting organization, he was responsible for initiating and implementing RTÉ's Business Continuity Management program. This also involved developing the plans which take account of RTÉ's public service obligations in relation to the handling of major or national disasters. Previously, as Head of Information Technology at RTÉ, he was responsible for establishing the organization's IT Disaster Recovery and resilience plans. He has written extensively on IT policy and management topics and his books on the use of computers in the Human Resource function were regarded as definitive texts in the area. He is a founder member and Vice-Chair of the Irish Branch of the Emergency Planning Society. Michael can be contacted at: gallagml@iol.ie

Reviews: "In today's world, the title of this new FT publication should make it a "must read" for business managers. ..... The author presents this vital message in clear and concise language and supports it with useful checklists and reference points. Every organization should have a copy - for use and not for show!" February 2003 issue of Accountancy Ireland (Institute of Chartered Accountants in Ireland journal)

Return to the Businesss Titles Home Page