Examples of poor business continuity planning,tsunami evacuation plan phuket,the risk assessment code is used to evaluate,american blackout summary - Easy Way

Many organizations utilize metrics that fall short of this Quality level and therefore hinder their ability to communicate an accurate message. Are easy for the intended audience to understand by using the same measurement and communication techniques that are in place in other areas of the business. The common misunderstanding or inappropriate message is that a program that has good performance automatically provides a highly recoverable organization OR the opposite where poor program performance means an unrecoverable organization. Recoverability metrics focus on comparing management approved recovery objectives to proven recovery capability (through testing or actual recovery efforts). Both of the example metrics dashboards are simplistic in their design, but they can require a significant amount of effort to be reported against and meet the guidelines for Quality metrics.
This entry was posted in Business Continuity, Business Continuity 101, IT Disaster Recovery by Susan Giffin. Business Continuity Planning is the one of the four commonly linked components of an organization's risk management strategy. This paper will take a look at Business Continuity Planning from a unique perspective: the end. Business Continuity Planning joins with Emergency Response, Crisis Management and Disaster Recovery Planning [see Figure 1] to create a comprehensive process for recovering from unexpected events that threaten stability or even the future existence of an organization. The root of a sound business continuity plan lies in the ability to quickly and accurately determine the most important business functions. Either of these incorrect extremes can be explained, but can cripple the development of a Business Continuity Plan if it isn't corrected early on in the process.
Although not an exact science, typical business functions can be tied to one or more roles they play in defining a predictable operational process, and subsequently, the effect they can have on the business' success when these functions are lost or operating below par. The impact of a loss or delay in completing a business function typically changes over time.
Extending the RTO by creating alternate workaround processes or by offering other mitigating factors (e.g. Recovery Point Objectives (RPOs) are similar to Recovery Time Objectives except that they represent the tolerance for lost data once the process has been recovered or restored. Technology has advanced to the point where critical data files can be maintained and synchronized in more than one location, enabling a potential RPO of zero to be achieved. The risk of loss of critical facilities can be mitigated, but generally at very high costs.
Some Business Continuity Planning projects start by listing every possible scenario, from rainstorms to global thermo-nuclear war. In an overall enterprise strategy, the most common mitigation technique is to identify and prepare alternate sites for all critical elements.
One of the most overlooked aspects of successful Business Continuity Planning is the potential loss of key decision makers during the response and recovery time when their abilities are most crucial. As a checkpoint in the Business Continuity Plan, select an alternate for each critical staff position, who is asked periodically to perform response and recovery functions in place of the incumbent during planned tests. Interestingly, a good succession planning policy has an added benefit in that it gives employees a clearer way to manage their career advancement, resulting in more favorable employee turnover and improved productivity. Finally, it's not unusual to spend considerably more time planning a Disaster Recovery test that doesn't create an interruption than running the test itself. Product quality and information privacy regulations make the task of identifying alternate suppliers more challenging.
Purchasing Departments have traditionally been able to identify sources of materials, but will always need additional support in finding alternate suppliers of technical processes and business services.
Remember also that shortages of common resources can affect many companies in the same industry.
Recently, pandemic response planning has taken its place in Business Continuity Planning, both from an employee absence perspective and one that represents a dramatic alteration in public behavior (e.g.
Many situations less severe than a widespread disease pandemic can be effectively built into Business Continuity Plans. Recent experiences with regional disasters such as floods and hurricanes have also resulted in more refined plans to assure that family members and household stability can be assured before employees can be productive. The best Business Continuity Plans are ones that can be initiated very early before the interruption has progressed to the point of a crisis. Many computer incidents such as failing components, hacking attempts or infection by computer viruses can be recognized by intrusion detection and operations management tools. Many effective techniques exist for building a resilient facility that can provide risk remediation, especially for computer and communications capabilities. The most effective Business Continuity plans have sound alternative procedures and process recovery instructions included in the project documentation.
Technology can be used to effectively create a domain structure that enhances the ability to consolidate resources with similar requirements for Confidentiality, Integrity and Availability.
Most business units cannot justify the expense associated with providing a continuous availability strategy, rigorous monitoring or enabling strong authentication techniques.
Damage assessment and recovery planning can frequently be streamlined if the resources most sensitive to delay or disruption can be quickly identified, salvaged and restored.
Business Continuity Planning is not exclusively for the restoration of processes after a disaster or disruptive event. One way to do this is to develop a strategy that establishes external services to provide an expandable production capacity. Our template will guide you through the normally complicated task of clearly understanding the risks to your business and what risk controls measures are appropriate. Thousands of business continuity and disaster recovery tests fail each year due to poor planning. This plan is packed full of tasks for even the most comprehensive exercise or test, and whatever parts you don’t need, just simply delete them. This is a€?Memorandums and Lettersa€?, section 9.2 from the book Communication for Business Success (v. This content was accessible as of December 29, 2012, and it was downloaded then by Andy Schmitz in an effort to preserve the availability of this book. PDF copies of this book were generated using Prince, a great tool for making PDFs out of HTML and CSS.
For more information on the source of this book, or why it is available for free, please see the project's home page. DonorsChoose.org helps people like you help teachers fund their classroom projects, from art supplies to books to calculators. A memoAn abbreviation for memorandum; normally used for communicating policies, procedures, or related official business within an organization.
A memoa€™s purpose is often to inform, but it occasionally includes an element of persuasion or a call to action. One effective way to address informal, unofficial speculation is to spell out clearly for all employees what is going on with a particular issue. While memos do not normally include a call to action that requires personal spending, they often represent the business or organizationa€™s interests. A memo has a header that clearly indicates who sent it and who the intended recipients are. In a standard writing format, we might expect to see an introduction, a body, and a conclusion.
Memos are often announcements, and the person sending the memo speaks for a part or all of the organization.
Some written business communication allows for a choice between direct and indirect formats, but memorandums are always direct. Memos are a place for just the facts, and should have an objective tone without personal bias, preference, or interest on display. While e-mail and text messages may be used more frequently today, the effective business letter remains a common form of written communication. Letters may serve to introduce your skills and qualifications to prospective employers, deliver important or specific information, or serve as documentation of an event or decision. The date should be placed at the top, right or left justified, five lines from the top of the page or letterhead logo. Like a subject line in an e-mail, this is where you indicate what the letter is in reference to, the subject or purpose of the document.
This is your opening paragraph, and may include an attention statement, a reference to the purpose of the document, or an introduction of the person or topic depending on the type of letter. If you have a list of points, a series of facts, or a number of questions, they belong in the body of your letter. An emphatic closing mirrors your introduction with the added element of tying the main points together, clearly demonstrating their relationship. Five lines after the close, you should type your name (required) and, on the line below it, your title (optional).
If the letter was prepared, or word-processed, by someone other than the signatory (you), then inclusion of initials is common, as in MJD or abc.
Just like an e-mail with an attachment, the letter sometimes has additional documents that are delivered with it.
A formal business letter normally includes a logo or contact information for the organization in the header (top of page) or footer (bottom of page).


Memos are brief business documents usually used internally to inform or persuade employees concerning business decisions on policy, procedure, or actions. Letters are brief, print messages often used externally to inform or persuade customers, vendors, or the public. Find a business letter (for example, an offer you received from a credit card company or a solicitation for a donation) and share it with your classmates. Now that you have reviewed a sample letter, and learned about the five areas and fifteen basic parts of any business letter, write a business letter that informs a prospective client or customer of a new product or service.
Always time-constrained, they ask for metrics that can be reviewed at a glance to understand performance quickly and determine if an investment is paying off. In a business continuity program, Quality metrics should speak to goals related to both program performance (the planning process, such as performing a business impact analysis, documenting plans and facilitating exercises) and recoverability (can the organization meet its recovery objectives when facing a disruptive incident).
KPIs) or planning scorecards, program performance metrics focus on reporting the status related to planning activity completion.
These metrics are important – important to audiences concerned with the appropriate implementation of the program processes such as regulators, auditors, risk management groups and business unit program coordinators. Organizations may not have the processes or maintain documentation necessary to develop and report this level of detail. Over many years of Business Continuity Plan development, I've come to recognize twelve telltale signs that often foretell the fate of the business continuity planning effort. Business Continuity is often the most crucial element in determining whether an organization can survive a major disruption over the long run.
Well, after being very thoughtfully prepared, providing the appropriate documentation and following up with periodic tests and exercises of the plan in a controlled environment, I've seen twelve attributes that tilt the scale toward a successful restoration of business operations as quickly and as effectively as possible. To be effective, the inventory of all critical business functions (both manual and automated) must be created in advance and be accurate. I've seen an exhaustive list of applications that have been deemed by their owners as "critical" in which everything is a #1 priority (most often this is the result of department heads jockeying for position and the designation of "most important") or nothing is important at all (often this occurs when identifying critical applications would result in substantial work to develop the BCP, so to save time and effort, nothing is critical). Each application must be evaluated for business impact if it were delayed or if it failed, and an appropriate priority assigned. This may be a direct financial loss, such as failure to ship a finished product, or inability to create a bill for services rendered. Usually we find that most business functions do not result in a significant brand image or product creation immediately, even though the effect on product quality, regulatory compliance or direct revenue can be immediate.
For most computer applications that require data entry, archiving the source documents for re-entry will support full data recovery however the source documents may be lost or destroyed along with the computer files. Successful Risk Management methods strive to achieve a risk mitigation strategy that it proportionate to the potential for loss. By the time all these scenarios are listed, with all the possible effects on every item and building in the organization, what you end up with is very close to an infinite-by-infinite matrix to solve for the most likely events. In selecting alternate facilities or sites, failover plans should be tested regularly and temporary assignment of key staff members should be included in the test plan. If you want to see the impact of key decision makers in a Business Continuity Plan, try running a recovery test without certain key roles. This should become a documented element in all job descriptions and performance review standards. With the cost of replacing and retraining good employees, this simple process can be turned into money in the bank!
Called the "No-Plan Plan," it prescribed that every day should be a Disaster Recovery exercise. This is particularly true in industries like food, cosmetics, toys and pharmaceuticals, where regulatory demands impose consistency and quality expectations. Recent efforts have been fruitful in building supply chain resources in collaboration with other organizations, even competitors.
Well-trained and practiced employees are the first line of defense in identifying situations that could become serious. These components are often included in technology operations strategies, but they must be run and monitored to be effective. There may be similar advance warnings for critical supplies, short term financing, and business partner relations.
Operational sync-points and offline versions of key data files can more easily be accommodated at the onset of the project. This capacity is often cost prohibitive in existing facilities, but over time, as plants are expanded, upgraded or acquired, these modifications can be made with minimal increased cost. Training then includes not just regular operation, but alternatives when critical resources are unavailable.
Technical infrastructure and advanced processes can be applied at the domain group level, saving considerable costs and substantially reducing complexity. When several business units share the benefits and costs however, the expense can be more easily justified.
Potential lost revenue is generally reduced when critical business operations are restored more quickly.
Successfully executing an effective plan can also provide considerable benefits including increased market share. A process or technology that is unable to meet dramatic unexpected demand can result in an ultimate loss of customer satisfaction and actually reduce your market share, even in a rapidly expanding market sector. If these suppliers are used for a portion of the normal production, the process is already in place.
Our template guides you through the process and ensures you obtain the maximum benefits from your test or exercise. It guides you through the normally complicated task of extracting and reporting on the right information when determining appropriate recovery objectives for your business. This documents sets out the activities that should be undertaken to help prepare your business for a Pandemic. This document gives examples of all the key activities required to manage a comprehensive business continuity program. See the license for more details, but that basically means you can share this book as long as you credit the author (but see below), don't make money from it, and do make it available to everyone else under the same terms.
However, the publisher has asked for the customary Creative Commons attribution to the original publisher, authors, title, and book URI to be removed.
If budget cuts are a concern, then it may be wise to send a memo explaining the changes that are imminent. They may also include statements that align business and employee interest, and underscore common ground and benefit. An acronym or abbreviation that is known to management may not be known by all the employees of the organization, and if the memo is to be posted and distributed within the organization, the goal is clear and concise communication at all levels with no ambiguity. While it may contain a request for feedback, the announcement itself is linear, from the organization to the employees. It can serve to introduce you to a potential employer, announce a product or service, or even serve to communicate feelings and emotions.
The audience or reader may have their own idea of what constitutes a specific type of letter, and your organization may have its own format and requirements. Regardless of the type of letter you need to write, it can contain up to fifteen elements in five areas. If your letter includes a letterhead with this information, either in the header (across the top of the page) or the footer (along the bottom of the page), you do not need to include it before the date.
This can make it clear to a third party that the letter was delivered via a specific method, such as certified mail (a legal requirement for some types of documents).
An emphatic opening involves using the most significant or important element of the letter in the introduction.
You may choose organizational devices to draw attention, such as a bullet list, or simply number them. This line indicates what the reader can look for in terms of documents included with the letter, such as brochures, reports, or related business documents. Just like a a€?CCa€? option in an e-mail, it indicates the relevant parties that will also receive a copy of the document. Share it with your classmates, observing confidentiality by blocking out identifying details such as the name of the sender, recipient, and company.
Not unlike other disciplines, business continuity practitioners commonly find themselves developing metrics to communicate readiness and justify investment, as well as seeking feedback to prioritize continual improvement and remediation activities.
When metrics include both, the business continuity program provides a clear picture to management that allows them to provide feedback and prioritize continual improvement opportunities. This dashboard outlines recovery targets, compares performance, and provides criticality or priority ratings to show level of importance.
However, once initially developed, Quality metrics should provide an ongoing method for communicating performance, progress and escalating issues that answer executive questions about program performance and recoverability. Let's look at the role of Business Continuity Planning within risk management and these twelve indicators of success. These attributes do not necessarily mean the plan will be a success, nor do they indicate that failing to demonstrate them foretells failure.
This inventory needs to include factors that can change an item's priority, such as a cash management application that is extra important just before scheduled large payments like payroll or acquired inventory payments are processed.


A temporary workaround can often be used for some period of time before the effect is actually felt, but in almost all business functions, that temporary fix can only be continued for a short time before it becomes cumbersome at best and totally ineffective. Effective file and document archive procedures can help prevent losing these critical transaction records entirely. There have been numerous attempts at detailing the steps required for a thorough risk assessment strategy. It is much easier to look at the four key elements of People, Process, Plan and Technology and to ignore the event that can cause a disruption, but instead look at the effect on those elements in only two categories: Total Loss and Significant Reduction in functionality.
A professional athlete doesn't stop practicing when the contract is signed (with some notable exceptions). Approval of alternate suppliers or alternate processors can require months by the approval agencies, and production may be limited or unavailable while this approval is obtained. In one instance, a company whose offices were located in an urban skyscraper were informed that another tenant in the building had an employee who unknowingly came to the office with a contagious case of the measles. Part of the plan is to teach employees to recognize the signs of an impending disruption in normal activity. Like the old joke about the two guys in the jungle trying to outrun the tiger, Business Continuity Planning is the ability to respond more quickly and more successfully than competitors to gain a competitive advantage.
For example, transportation costs, technology changes or imminent weather conditions can cause a dramatic increase in demand. Details of conducting impact assessments all the way through to completing and testing your BCP.
You may also download a PDF copy of this book (6 MB) or just this chapter (934 KB), suitable for printing or most e-readers, or a .zip file containing this book's HTML files (for use in a web browser offline). It is often written from a one-to-all perspective (like mass communication), broadcasting a message to an audience, rather than a one-on-one, interpersonal communication. The unofficial, informal communication network within an organization is often called the grapevineThe unofficial, informal communication network within an organization, often characterized by rumor, gossip, and innuendo., and it is often characterized by rumor, gossip, and innuendo. Date and subject lines are also present, followed by a message that contains a declaration, a discussion, and a summary. The memo may have legal standing as it often reflects policies or procedures, and may reference an existing or new policy in the employee manual, for example. Wea€™ll examine the basic outline of a letter and then focus on specific products or writing assignments. This chapter outlines common elements across letters, and attention should be directed to the expectations associated with your particular writing assignment. While you may not use all the elements in every case or context, they are listed in Table 9.1 "Elements of a Business Letter". A comma after the salutation is correct for personal letters, but a colon should be used in business. Readers tend to pay attention to openings, and it makes sense to outline the expectations for the reader up front.
Readers may skip over information in the body of your letter, so make sure you emphasize the key points clearly. However, business continuity professionals and their program sponsors often struggle to communicate when it comes to recoverability and find it easier to communicate program performance.
This dashboard is a true look at recoverability and answers the common executive question: Can our organization be recovered within our tolerance for downtime? Frequently all four are combined into an overall process, which is good, but then handed off to a single person, or a small team of people who are charged with trying to satisfy the basic requirements of all of them in one fell swoop.
There are always humans going an extra step beyond their expectations, good (or bad) luck, timing and a whole host of factors that cannot be measured.
That point in time when the process must be restored is called the Recovery Time Objective (RTO).
That transforms the target of the risk assessment from an infinite by infinite matrix by a much simpler four by two matrix. The obvious scenario is that these people were casualties of the event, but to offset a morbid test environment, try declaring that these or other key positions are "on their honeymoon" or "sick with the flu" or "having a baby." Then put the alternate in charge of that function and invite the "missing" incumbent to observe the decision making, but forbid them from participating or providing direction. All data files and programs were stored on tape (primarily to offset the high cost of disk storage at that time), and every critical computer system started with a step that restored the programs and data from the tape to the disk, followed by execution of the application, and concluded with the creation of a new tape for use in the next scheduled processing. All tenants were notified that they could expose pregnant employees or family members of employees who rode in the same elevator bank to this disease. Of all the companies I've worked with over the years, pretty much all of them have been able to recover from a disruptive event. Thorough Business Continuity Plans often include these dramatic increases in demand as well as loss of functions. It may also be used to update a team on activities for a given project, or to inform a specific group within a company of an event, action, or observance.
On the grapevine, one person may hear that someone else is going to be laid off and start passing the news around.
For example, on February 13, 2009, upper management at the Panasonic Corporation issued a declaration that all employees should buy at least $1,600 worth of Panasonic products.
The discussion elaborates or lists major points associated with the topic, and the conclusion serves as a summary. There are many types of letters, and many adaptations in terms of form and content, but in this chapter, we discuss the fifteen elements of a traditional block-style letter.
The salutation a€?To whom it may concerna€? is appropriate for letters of recommendation or other letters that are intended to be read by any and all individuals.
Just as you would preview your topic in a speech, the clear opening in your introductions establishes context and facilitates comprehension. If your letter requests or implies action, the conclusion needs to make clear what you expect to happen. As a result, management comes away feeling unclear if the business continuity program delivered solutions that manage the risk associated with disruptive events in line with their risk appetite. But good business continuity planning is all about eliminating or reducing the dependency on these random coincidences. At arranged times of the day, or the month, or in the production cycle, try to decide how to stack the cards.
When connected to the revenue streams the RTO represents the maximum time that the facility, person, process or technology is unavailable or delayed until revenue is seriously impacted. Coincidentally, it was an excellent technology recovery plan in that it could be easily transported to any of a couple dozen nearby data centers that had compatible computers, and run completely with minimal disruption of the new host. As a result, alternate plans were drawn up so that employees concerned about this exposure could continue to work without physically coming to the office. Rumors change and transform as they are passed from person to person, and before you know it, the word is that they are shutting down your entire department. The company president noted that if everyone supported the company with purchases, it would benefit all.Lewis, L.
If this is not the case with your letter, but you are unsure of how to address your recipient, make every effort to find out to whom the letter should be specifically addressed. It is usually courteous to conclude by thanking the recipient for his or her attention, and to invite them to contact you if you can be of help or if they have questions. In this perspective, we’ll not only describe attributes of Quality metrics, but we hope to make the case that business continuity professionals should be reporting on much more than the planning activities that they perform or manage – they must also compare the end results of the planning processes (strategies and solutions) to management’s approved recovery objectives.
In our opinion, this is where metrics reporting must improve in order to meet expectations and engage management on a consistent basis. All are important and each one has a specific critical role to play in resolving serious disruptions, but each one is a complex process and can require more effort than a single person or small group of people can accomplish.
If risk management efforts start at the lowest level of detail, chances are pretty good that before all the details have been tallied, the cost factors will have changed. They are often printed on letterhead paper, and represent the business or organization in one or two pages. For many, there is no sweeter sound than that of their name, and to spell it incorrectly runs the risk of alienating the reader before your letter has even been read. This paragraph reiterates the main points and their relationship to each other, reinforcing the main point or purpose.
All of them also could have recovered more quickly and more easily if they had done something just a bit differently. Shorter messages may include e-mails or memos, either hard copy or electronic, while reports tend to be three or more pages in length. Avoid the use of impersonal salutations like a€?Dear Prospective Customer,a€? as the lack of personalization can alienate a future client. As shown in the graphic, being prepared gives you the advantage of getting "back in business" sooner than your competitors.



How to risk assess a project
Disaster preparedness ppt


Comments to “Examples of poor business continuity planning”

  1. Qanfetkimi_oglan writes:
    If you have got spending a lot more for element of the U.S. Purchased from the.
  2. Die_Hard writes:
    In-depth technology articles and time management ideas tools to have in your handbag created of sturdy material with.