The Definitive Handbook of Business Continuity Management

BCM is presented as an all-encompassing "way of life", ensuring that a business can survive a disaster and bounce back to its pre-disaster profit level, and the tasks and information that is required to ensure proper diagnosis, prescription and maintenance of a business. As one of the authors put it - "Do we gamble with failure or hedge against it".

Although presented as a collection of 20 articles it is seamlessly organized that the information did not appear redundant. After which Case studies are presented on major disasters that happened to corporations in America, most notably 9/11. Considering the scope of BCP/BCM (Business Continuity Planning) endeavour, the market for its implementation within Malaysia is limited to listed companies that can afford the methodology preached. Plus, Asian cultures abhor having outsiders prodding through every nook and cranny of their business process and resource points, isolating weaknesses and identifying exposure and making sure that the business is resilient enough to withstand a collapse of its major infrastructure. Not only that, to ensure success, key personnel from all sectors have to be identified and interactions and accountability documented with redundancies and multiple information and escalation routes introduced to ensure resiliency. At the end of the day, one would envy the consulting firm that manages such a wealth of information from any such companies, which one would assume will be sizeable enough to want BCP/BCM. What a treat indeed!

On the downside, as expected with books that compiles articles, the depth of the information presented is quite shallow, but fortunately for a person like myself that are new to the subject, it's quite a readable experience as that is exactly what I am looking for. It provides enough pieces to the puzzle for me to proceed with my r&d activities.

Rating:
Summary: Practical BCM at last!
Review: This is a thoroughly welcome addition to the business continuity books on the market. It brings a clear, rational approach to a very complicated topic. Unsurprisingly, the book adheres to the ten stage process as defined by the Business Continuity Institute and the Disaster Recovery Institute and is written in a style that is easy to read and with very little jargon. (It even gives guidelines on how to read the book.)

The book outlines some important lessons:

- The Importance of business continuity management

- Business continuity plans should be based on outcome scenarios and not causes

- The need for an organized development/implementation

- BCM is never complete - amendments and testing will always be required

There are a couple of points to note though:

- It fails to deliver the message clearly that Business Continuity Management is an umbrella for business impact analysis, risk management and business continuity planning. Too many people just concentrate on the latter.

- My experience shows that many advantages are gained through the development of the plan when the business continuity is firmly in the minds of those involved and the management sponsors (who have allocated resources and funds). This is as important as the plan itself.

- Unlike chapter 15 (Developing the written plan), Chapter 18 (Selecting tools to support the process) is an example of where the book sits on a fence. It describes the types of tools required but gives no clear examples of data used. There are numerous examples that could have been used to illustrate this; perhaps this leaves the door open for consultancy opportunities!

- Another downside to the book occurs as early as section one, which is described as an executive overview and is 75 pages long!

Notwithstanding these minor grumbles, I would wholeheartedly recommend this book to anyone involved in BCM or anyone thinking about creating a more secure business.