Disaster and Recovery Planning: A Guide for Facility Managers. Third Edition. By Joseph F. Gustin; published by the Fairmont Press, 770/925-9388 (phone), www.fairmontpress.com (Web); 328 pages; $98.
According to author Joseph F. Gustin, “there is no formal regulation that mandates a disaster and recovery plan.” That may not be quite right. The Sarbanes-Oxley Act of 2002 and the Health Insurance Portability and Accountability Act of 1996 require some level of IT and financial system continuity planning.
Despite the inauspicious start, this book proves to be an informative, user-friendly guide. Discussing emergency preparedness, Gustin provides useful information about communication processes and the importance of the chain of command in driving recovery operations. He also emphasizes the importance of human-capital planning via extensive training and the preparation of guidelines for emergency response teams.
Specific disasters including fires, bomb threats, and earthquakes receive individual attention. Probably to illustrate the extent and magnitude of disasters, Gustin includes lists of disaster and emergency declarations made in 2002 and 2003 that run for pages, from flooding in Arkansas to typhoons in the Federated States of Micronesia. The author’s good intentions aside, the lists don’t merit that much space.
On the brighter side, Gustin offers valuable information on workplace violence, from management oversight and policy to roles and responsibilities in response mode. He also includes employee-training tips, identifies elements of managing a workplace security program, and includes a workplace-violence checklist created by the federal Occupational Safety and Health Administration.
All the pieces come together with the implementation of the plan, and Gustin takes the reader through a phased approach to implementation. The book does a fine job of outlining key project activities, including understanding company standards, determining compliance requirements, identifying threat factors, and ultimately rolling out the plan. Yet Gustin fails to mention the need for adequate and timely testing of the program, which should include a testing schedule, various types of test plans such as tabletop exercises, and remediation processes.
This book is by no means all-inclusive, but Gustin has taken a broad subject and condensed it into a usable and useful format. The book will help facilitate discussions between security management and other management as well as identify the core elements of a successful disaster preparedness and recovery program.
Reviewer: Steve Adler is the business risk manager with Uniprise, a healthcare insurer in Hartford, Connecticut. He has an M.S. in management from the Lally School of Management & Technology at Rensselaer Polytechnic Institute. He sits on the ASIS International Business Practices Council.