Description
Your challenge is to maintain a good and effective business continuity plan in the face of changing circumstances and limited budgets. If your situation is like that in most companies, you really cannot depend on the results of last year’s test or exercise of your business continuity plan. People tend to forget, lose confidence, lose interest, or even be replaced by other people who were not involved in your original planning. Jim Burtles explains:
“You cannot have any real confidence in your business continuity plans and procedures until they have been fully tested…Exercises are the only way we can be sure that the people will be able to interpret the plans and procedures correctly within the requisite timeframe under difficult circumstances.”
Test Your Business Continuity With These Exercises
As you do your job in this constantly shifting context, Jim Burtles helps you to:
- Differentiate between an “exercise” and a “test” – and see the value of each in your BC program.
- Understand the different types of plans and identify the people who need to be involved in exercises and tests for each.
- Use the “Five-Stage Growth Path” – from desktop to walkthrough to full-scale exercise — to conduct gradual testing, educate personnel, foster capability, and build confidence.
- Create a variety of unusual scenario plot-lines that will keep up everyone’s interest.
- Identify the eight main elements in developing and delivering a successful BC exercise.
- Select and prepare a “delivery team” and a “response team” for your exercise.
- Make sure everyone understands the “rules of engagement.”
- Use the lessons learned from exercises and tests to audit, update, and maintain the plan.
You are well aware that a host of problems may crop up in any kind of company-wide project. These problems can range from basic logistics like time and place, to non-support from executives and managers, to absenteeism, to the weather, to participants forgetting their lines. Throughout the book, Burtles uses his decades of experience working with companies like yours to give you useful examples, case studies, and down-to-earth advice to help you handle the unexpected and work toward the results you are looking for.
Get Manager’s Guide to Business Continuity Exercises: Testing Your Plan via Google Books Or on Amazon Today!
2017, 100 pages. Jim Burtles (Author), Kristen Noakes-Fry (Editor).
ISBN 978-1-944480-33-2 (PDF), ISBN 978-1-944480-32-5 (EPUB)
About the Author
Jim Burtles KLJ, MMLJ, Hon FBCI is a well-known and respected leader within the business continuity profession. Now semi-retired and living in West London, he can look back and reflect upon the lessons learned from a wealth of experience gained in some 40 years of practice, spread across 4 continents and 24 countries.
He was granted Freedom of the City of London in 1992, received a Lifetime Achievement Award in 2001, and was awarded an Honorary Fellowship by the Business Continuity Institute (BCI) in 2010. In 2005, he was granted the rank of a Knight of Grace in the Military and Hospitaller Order of St. Lazarus of Jerusalem, an ancient and charitable order which cares for those afflicted with leprosy and similar debilitating diseases.
Working as an IBM field engineer, in the mid-70s he took on the role of a rescue engineer, helping customers recover their damaged systems in the wake of fires, floods, and bombings. This type of work was the beginning of what later became known as disaster recovery. During the 80s, he became an early pioneer of what was then the emerging business continuity profession. In 1994 he helped to found the Business Continuity Institute (BCI) and now serves on its Global Membership Council, representing the interests of the worldwide membership. His practical experience includes hands-on recovery work with victims of traumatic events such as explosions, earthquakes, storms, and fires. This includes technical assistance and support in 90-odd disasters, as well as advice and guidance for clients in over 200 emergency situations.
Over the past 40 years, Jim Burtles has introduced more than 3,500 people into the business continuity profession through formal training programs and has provided specialist training for another 800 or so through workshops covering specific subjects or skill areas. For several years he was a regular visiting lecturer at Coventry University.
Recent published works include Coping with a Crisis: A Counselor’s Guide to the Restabilization Process, 2011, Emergency Evacuation Planning for Your Workplace: From Chaos to Life-Saving Solutions, Rothstein Publishing 2014, and Principles and Practice of Business Continuity: Tools and Techniques, 2nd Edition, Rothstein Publishing, 2016.
Contents
Cover
Title Page
Copyright
Introduction: The Basics of Testing
0.1 Definitions
0.2 Element Testing
0.3 Exercising
0.4 A Delivery and Service Regime
0.4.1 Distribution
0.5 Conducting Tests and Exercises
0.5.1 Testing
Chapter 1: Plans and Their Purposes
1.1 Areas of Responsibility
1.1.1 Plan Types and Responsibilities
1.2 The Plan Development Process
1.2.1 Design and Structure
1.2.1.1 Relation of Plan Type to Area of Responsibility
1.2.1.2 Purposes of the Plan Types
Chapter 2: Getting Started with Testing Your Plans
2.1 Capability and Confidence: Educating Personnel
2.2 The Five-Stage Growth Path
2.2.1 Desktop Exercise
2.2.2 Walkthrough
2.2.3 Active Testing
2.2.4 Command Post Exercise
2.2.5 Full-Scale Exercise
2.2.6 Frequency of Testing
2.3 Testing Plans and Procedures
2.3.1 Disaster Recovery Testing
2.3.2 Systems Recovery Checklist
2.4 Elements of Exercise Development
2.5 Background: Objectives and Purpose
2.5.1 Stating the Purpose
2.6 Buildup
2.7 Developing the Script for the Exercise
2.7.1 The Script Process Deliverables
2.7.1.1 Script Content
2.7.1.2 Interrupts
2.8 Quality
2.8.1 Realism
2.8.1.1 Methods for Achieving Realism
2.8.2 Scope
Chapter 3: Delivering a Successful Exercise
3.1 Exercise Coordination and Control
3.1.1 Potential Problems
3.1.2 Preparation and Practice
3.2 Safety: Isolation and Security
3.2.1 Creating Isolation
3.2.2 Setting Up Security
3.3 The Ideal Scene
3.4 Lessons: The Feedback Stage
3.4.1 Exercise Debrief
3.4.2 The Exercise Report
3.4.3 The Exercise Review
3.4.4 Full Sequence of Feedback
3.5 Tracking the History
3.5.1 Records and Reports
3.5.1.1 Records
3.5.1.2 Reports
3.5.2 Recording
3.6 Kick-Off
3.6.1 Announcement and Notice
3.6.2 Cautions
3.6.3 Rules of Engagement
3.6.4 Keeping It Going
3.7 Advanced Techniques
3.7.1 The Command and Control Exercise Scale
3.7.2 Cabaret Exercising
3.7.3 The Bang and Echo Program
Chapter 4: Auditing and Maintaining the Plan
4.1 Steps in Review Process
4.1.1 Facilities
4.1.1.1 Facilities Testing
4.1.2 Resources
4.1.2.1 Resources Testing
4.1.2.2 Reviewing Dynamic and Stable Plan
4.1.3 Output Phase
4.1.3.1 Status Reports and Activity Reports
4.1.4 After the Reports
4.2 Auditing
4.2.1 The Audit Process
4.2.2 Rules of Audit
4.2.3 Policy
4.2.4 Compliance
4.2.5 Finance
4.2.6 Investment
4.2.7 Expenditure
4.2.8 Prudence
4.2.9 Purposes
4.2.10 Achievement
4.2.11 Claims
4.2.12 Concerns
4.3 Completing the Audit
4.3.1 Audit Checklists
4.3.2 Checklist Construction
4.3.3 Audit Reports
Appendix A: Estimating Evacuation Time
Appendix B: Developing Scenario Plot Lines
About the Author
Credits
More from the Publisher
Excerpt from the Preface
The importance of exercising your BC plans and testing the associated arrangements and resources cannot be overstated. This is the most important aspect of preparing to deal with the inevitable disruptive incident which will eventually occur. If you and your organization are properly prepared the incident may pass by almost unnoticed, simply because your people knew what to do and how to do it.
On the other hand, without any previous practice, a relatively minor interruption can easily escalate to dramatic proportions with disastrous consequences – simply because they didn’t perform very well. The old saying “practice makes perfect” has a lot of truth in it, especially when confronting the unusual or the unexpected. You and your organization will gain more benefit from exercising and testing than from any other aspect of your BC program. It is the only element in the whole program which can directly affect people’s reactions and unconscious behaviors.
In fact, it could be said that exercising and testing is the only part of the BC suite of disciplines that is essential. One might cope quite well without any plans or other preparations – providing that one could safely rely upon the effective competence of the individuals concerned. However, such a level of competence can come only from the experience gained in regular exercises and tests.
In this book, we will be looking at how you can make this all happen smoothly and effectively, using tools and techniques which have been derived from many years of practical experience. Read on, dear reader, read on.
Excerpts
Introduction: The Basics of Testing and Exercising
No plan of action has any value until it has been proven. Even then, it has precious little value until all of the actors have practiced their performance. There is no question that Shakespeare wrote good plays, but I can’t imagine that any drama company would want to stage one of them without a few rehearsals. Remember, our actors are not accomplished professionals and perhaps we should not put too much faith in a plot that has not yet stood the test of time.
Seriously, we must test our plans to see how well they work. We must also challenge the assumptions about timings. Once we are reasonably confident that the plans should work, we must carry out a dress rehearsal to make sure everyone knows what to do and how to do it. Over time people will either have forgotten, lost confidence, lost interest, or been replaced. Thus, we should practice on a fairly regular basis; otherwise, our plans could cause chaos rather than save lives, the latter being, after all, the whole point of the program.
Chapter 1: Plans and Their Purposes
Perhaps the major influence on the type and number of plans will be the scale of the enterprise or the operation. For a large organization which is spread across a number of sites or locations, there will probably be some six or seven types of plans. Each of these plans will serve a different purpose and may be used in isolation under certain limited circumstances; whereas a major emergency may necessitate the use of most, or even all, of the plans.
The decision to follow the procedures outlined within one of your contingency plans is generally referred to as an activation. Part of the activation process should be concerned with considering the activation of other plans or the raising of alerts. An alert is the procedure for warning team leaders of circumstances which might lead to an activation. In a smaller organization, some of the plans may serve as modules that are combined to create a smaller number of plans, each with a broader scope.
By using a consistent format, you can regard your plans as modules within a suite of plans. Each module is designed to help one of the teams fulfill a particular purpose in response to an emergency situation. Consistency allows you to move people, or even tasks, from one team to another, if the occasion should warrant. It also makes the maintenance and education process much easier for everybody concerned.
Chapter 2: Getting Started with Testing Your Plans
Often, there will be a change of personnel at this point where the BC program starts to move away from the short-term challenges of development and delivery projects towards the longer-term practice of an education and maintenance program. In some cases, an external consultant has been employed to lead or assist in the launch and implementation, and it will be normal for the consultant to step back and hand over control to the resident BC manager at some point, perhaps staying in the background in an ad hoc support or advisory role. Alternatively, a member of staff has led the way so far but may have second thoughts about the way forward. Is this staff member ready to adopt a rather less dynamic attitude, or should he or she consider handing over to someone else who is more suited to the long-term maintenance and administration that is required from now on? This is a question which you might like to consider in due course, but first you need to know what the future might hold.
Chapter 3: Delivering a Successful Exercise
The eight elements of exercise development and delivery that were discussed in Chapter 2 are shown in Figure 3-1. Before the event, the preparation phase is concerned with the development of the exercise materials and is comprised of background, buildup, and quality, covered in Chapter 2. The action phase, covered in this chapter, is concerned with the subsequent delivery of those materials as a useful exercise with beneficial results and includes delivery, safety, lessons, history, and kick-off.
The delivery of a realistic and meaningful exercise is probably the most important and demanding set of tasks in the whole of the BC program. Such an event depends upon good preparation, teamwork, timing, and direction. Here we are using the term direction to imply good management and facilitation as the story unfolds. As leader of the exercise, you can’t expect to remain invisible; however, the participants should be more concerned with the problems they are facing than what you are doing or thinking.
Chapter 4: Auditing and Maintaining the Plan
Before you can set out on a formal review or an audit, make sure that you have the authority to proceed, which will probably take the form of some terms of reference. The terms of reference set out the scope of the review or audit together with what is expected. Gaining the authority to proceed will involve your BC sponsor, who will provide you with that authority and supply, or at least sign off on, your terms of reference.
Your terms of reference should provide you with a clear indication of:
- The aim and purpose of the assignment.
- Your objectives.
- The scope of the inquiry.
- The recipient’s expectations or anticipated deliverables.
- Any assumptions or constraints.
- Budgetary limitations that might apply.
- Anticipated timescales.
- Reporting structure.
The terms of reference may also mention the preferred approach or method to be used which might reflect standard practice for other disciplines or activities within the organization.