This page is replicated from http://johnglenncrp.0catch.com/ and links are to that URL.
This page provides an introduction to John Glenn, CRP, and a brief overview of Business Continuity. Links from this page will take you to a number of Business Continuity articles and Web sites.
JOHN GLENN, CRP
Certified Business Continuity & Disaster Recovery Planner
Who is John Glenn, CRP?
John Glenn is a certified & experienced Business Continuity and Disaster Recovery planner.
Certification was earned from the Harris Recovery Institute in 1999. The credentials were awarded by Norm Harris, acknowledged as one of the founders of the industry, following completion of a series of increasingly challenging examinations.
Experience includes working on plans for
A Business Continuity planner needs a number of skills, including
In the most simple terms, "Business Continuity is the process of protecting an organization from disasters."
A disaster, according to this scrivener, is any event that (a) causes loss of life of serious injury to personnel or (b) causes an organization to dissolve. Anything less is an inconvenience, albeit sometimes an expensive and trying inconvenience.
A scenario is a "what if" situation.
According to Norm Harris there is only one valid scenario: you come to work and there is nothing there. Every other scenario, according to Harris, is included in the total loss scenario.
In a word, "everyone."
There are three "basic" plan types (and many "variations on a theme").
Business function plans focus on business functions, the operations that drive the organization, the reason(s) the organization exists. Business function plans typically identify risks from support function failure, but fail to address those risks at the source.
Support functions (read "IT/MIS")
Support function plans normally mean "IT disaster recovery." All support functions need to be protected; the priority for their recovery must be determined by the business functions.
Enterprise plans include both business functions and support functions and are, in my opinion, the only plans worth creating. In today's modern organization - commercial, non-profit, and government - there are a myriad of inter-dependencies, some obvious, some less obvious. There also are external dependencies that must be considered - utilities, infrastructure, Emergency Management, and others.
The Statement of Work, the SOW, often is overlooked as a plan component, yet it is critical. It sets the scope and framework for the plan.
As with most plans, unless carefully managed, it will fall victim to "scope creep," an insidious malady that will destroy deadlines and prevent plan implementation.
The Business Impact Analysis, or BIA, is the "official" first phase. The BIA identifies the reasons the organization exists and identifies risks to "critical business processes." The key word is "process." Critical processes are done in order to perform a business function.
The risk analysis takes each identified risk (see BIA) and defines it by two categories:
Many planners use an X-Y graph to visually rate a risk.
The higher the overall rating, the higher the risk's priority on the avoidance/mitigation task list.
Recommendations & implementation
Recommendations are based upon the BIA and Risk Analysis. Input from Subject Matter Experts (SMEs) - both in-house and external personnel - is used to recommend the best practice methods to avoid or mitigate each risk.
Typically several options are offered, with the planner selecting the most appropriate for the situation. Management determines, based on a number of factors to which the planner may not be privy, which - if any - avoidance or mitigation recommendations to implement and management sets the implementation schedule.
Phase 2 of the Business Continuity plan is the "active" portion. It is this portion which includes instructions on how to respond to a disaster event.
This section is an overall section; it identifies who is authorized to declare a disaster condition (primary and alternate), who is authorized to declare the condition over, and the criteria on which the decisions are made.
In some cases, a disaster condition may be declared before the event (e.g. predictable weather events).
Business Continuation is the process of maintaining a "minimum level of service" immediately following a disaster condition. These instructions include work-arounds until support resources are restored and alternate sources. Each critical business process should be included in this section.
Disaster Recovery is restoring the operation to "business as usual." This means not only IT/MIS, but the facility and all the other supporting functions.
Each supporting function process needs to be documented.
All-hands awareness & safety
All-hands awareness and safety is a training function. It makes all personnel aware of risks and defines what to do when a risk is suspected or detected. This includes facility evacuation when appropriate (and when not to evacuate).
Training, training, training
The ability to respond to a disaster condition with confidence can make the difference between chaos and sanity. While everyone is expected to "use their head," they also are expected to function within a framework that enhances their safety and continuation of the operation.
Critical point: No plan ever is "100%" the first time it is exercised. If it is, something is wrong with the test.
Don't despair, repair.
Test and test again until everyone is comfortable with the results.
Then test some more.
Plans must be maintained. Plan maintenance is based on the calendar, but - more importantly - on trigger events. Was there a change in personnel, plan, policy, procedure, process, product, or any of a hundred other things that impact the plan? If there is, modify the plan.
John Glenn, CRP articles
You can find a number of Business Continuity articles on this Web site.
Some links from the Articles page first appeared in Business Continuity magazines and ezines; many are available only on this site.
You are welcome to read, download, and (re)distribute any John Glenn, CRP, article except that articles published elsewhere require permission from that publisher.
The book Business Continuity Planning Made Simple - almost may be freely downloaded and distributed.
If you do use a John Glenn, CRP, article, I would appreciate
Other Business Continuity Web sites
The easiest way to find other Web sites is to use the Dogpile and Google search engines to search for Business Continuity, Disaster Recovery, Emergency Management, Continuity of Operation Planning (or COOP), and Contingency Planning.
Some of my favorite Web sites are found on the Sites page.
The best way to learn more about John Glenn, CRP is to look at the Articles page. I share what I know and, I'm told, the tone of the articles fairly well reflects my personality. (Planner's visual aids is a good example.) You also can look elsewhere on the WWW from the "On the WWW" page for things I have written and for things written about me.
If you insist on knowing all the details, you may go to the Resume page and view the vita in ASCII/text, HTML, PDF, and Word formats.
What other planners write
Do I know what I am doing? Other planners seem to think so. You may read their comments about the articles from the Readers write page.
Everybody needs references. Mine are online in several files linked from the References page.
Comments always are welcome. They may be directed to JGlennCRP@yahoo.com .