This book is a guide to implementation of World-Class Business Continuity Management within an enterprise. It may be used as a step-by-step guide by those new to Business Continuity Management or dipped into by the more seasoned professional for ideas and updates on specific topics. There is no absolute "right way" to perform business continuity management - although there are plenty of wrong ways. Business Continuity is not rocket science: it is applied common sense. Yes, experience helps, but it is no mystic art. This book makes the processes transparent and provide the reader with everything necessary to do the job. Many examples are provided throughout this guide: these all have their roots in real cases and real organizations, and come heavily laden with pragmatism. Over fifteen years of business continuity experience in environments large and small, public and private, has gone into developing the methods described. Your own "right way" for business continuity management means picking, matching and tailoring from the cases and examples provided and combining these with existing best practice within your organization. EXCERPT FROM THE PREFACE Melvyn Musson, FBCI, CBCP, CISSP I was very pleased to be asked to write a preface to this much-needed book. There are many books that have been written covering various aspects of hazard control, emergency response, disaster recovery and business continuity, but not one that pulls all areas together under the auspices of the individual sections of the BCI and DRII Professional Practices. Why my interest? To quote from a letter I wrote to the National Fire Protection Association (NFPA) in 1991 when they were considering the establishment of a Technical Committee to develop a Standard on Disaster Management: "Disaster Management, or Business Continuation Planning as we prefer to call it, is a natural progression from Hazard/Loss Control through Emergency Response to the recovery process. "The best hazard/loss control programs cannot prevent emergency or catastrophic situations occurring. The emergency response procedures that most companies have developed or which may be required by law, deal with such aspects as initial fire fighting, evacuation, life safety, etc. - what one might term the stabilization of the situation. They cover the first hours of the emergency. They do not deal with the long-term recovery, which could take several months. "Disaster Management, or some other similarly named program, is needed to enable the company to institute procedures to return to normal operations as soon as possible. That standard is now available as NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs. Within that standard are details of the BCI/DRII Professional Practices, albeit as part of the various sections of the standard and not as an individual, specific section. In addition to NFPA 1600, other standards and guides such as BS7779 in Great Britain and the recent Australian Risk Management Standard are incorporating the Professional Practices either by specific reference or wording relating to the practices. The advent of the Turnbull Report introduces a new consideration and need, which the Professional Practices can support. This makes it all the more important to have a reference material that can clearly detail what should be considered in each of the ten subject areas, together with appropriate examples and details of not only the benefits but also the problems that can be expected with each of those subject areas. Andrew Hiles has been able to do so in the development of this book. In addition, since Andrew intends to issue periodic updates, this book becomes a living document, which will address both changes in the Professional Practices and developments within the industry.

Most suppliers lose around 16% of their customers each year. The reason? Poor service - whether perceived or real.Any technology-based support service, whether in-house, contracted or outsourced, stands to be accused of being insensitive to the requirements of itscustomers (or users). Equally, customers of a support service may have unrealistic expectations of what can be reasonably provided.Service Level Agreements (SLAs) can overcome these gulfs. A Service LevelAgreement can create harmony between parties and can prevent disputes betweencustomers and suppliers. It can justify investment and identify the "right" quality of service. It can mean the difference between business success and failure.SLAs are potentially a strategic tool to align all support services (particularly IT) directly to business mission achievement. In the past, few organizations used them in this way. Armed with this book and the optional companion SLA FRAMEWORK, more and more businesses are now succeeding.Where are SLAs going? Increasingly business-focused. Increasingly measured inreal-time. Simple documents that cover complex service infrastructures. Providing a competitive edge. Embracing penalties.The brave, who commit to tight SLAs and perform against them will win the commercial spoils. This book provides the knowledge and tools based on fifteen years of intensive development to ensure your enterprise is among the winners.===============================Covering all aspects of Information Technology Service Level Agreements (SLA's), this essential manual is a step-by-step guide to designing, negotiating and implementing SLA's into your organization. It reviews the disadvantages and advantages, gives clear guidance on what types are appropriate, how to set up SLA's and to control them.An invaluable aid to IT managers, data center managers, computer services, systems and operations managers.

More than ever, the basic lesson for business managers and for business continuity professionals is: anything can happen This book is a guide to best practices in understanding risk and business impact. It provides essential guidance for the identification, management and control of risks confronting businesses --- What might happen? How will our enterprise be affected? What will the impact be? Answering these questions accurately and objectively is essential to Business Continuity Management, business success - and even business survival.The helpful examples all have their roots in real cases and come heavily laden with pragmatism. Over fifteen years experience in blue chip environments, large and small, public and private, has gone into developing the methods described. Others come with a respected pedigree from a variety of industries. Your own "right way" for risk management means picking, matching and tailoring from the cases, guidance and examples provided, and building on existing best practice within your organization. "This book is intended to provide guidance and examples for the identification, management and control of risks. Wherever practicable, we have used case studies and examples to illustrate the points."It is impossible to cover every industry, every process and every activity in work of this sort. We have therefore made the work as comprehensive as practicable and focused particularly on those risk areas of generic value to the reader, while providing references and case studies relevant to specific market sectors."Many examples are provided throughout this guide: these all have their roots in real cases and come heavily laden with pragmatism. Over fifteen years experience in blue chip environments, large and small, public and private, has gone into developing some of the methods described. Others come with a respected pedigree from a variety of industries.Your own "right way" for risk management means picking, matching and tailoring from the cases and examples provided and building on existing best practice within your organization."Where practicable we have provided examples of different methodologies so thatthe one most appropriate to the reader's organization's business continuity maturity and culture can be selected. The author is also conscious that it can only be a partial picture of what is a global business continuity industry. However, we have tried to be representative as far as practicable, illustrating issues, approaches and requirements from various countries."