Book Review—The Definitive Handbook of Business Continuity Management, 2nd Edition 


Business continuity management is a continually evolving subject because of the rapid evolution of and critical dependence on IT, changes in business processes, emergence of new types of risks, and the continued and compelling need for enterprises to reduce the impact of disruptions and recover from interruptions. Business continuity management has progressed to become more holistic and more focused on the business than on technology. The Definitive Handbook of Business Continuity Management, 2nd Edition, which features contributions from leading practitioners in the industry, is truly a handbook and is a valuable resource for anyone involved in, or looking to gain a detailed appreciation of, the rapidly emerging area of business continuity and disaster recovery within the corporate environment. The book is presented in an easy-to-follow format, explaining in detail the 10 core business continuity activities incorporated in the common body of knowledge agreed upon by the Disaster Recovery Institute International and the Business Continuity Institute. The contributors, who are from Asia, Australia, Europe, India, the Middle East and the US, provide a truly global perspective, bringing their own insights and approaches to the subject and sharing best practice from all corners of the world.

The book provides comprehensive information on business continuity practices and could be useful both as a how-to guide and as a reference book for the business library on the topic of business continuity management. The structured format, with many revealing case studies, examples and checklists, provides a clear road map, simplifying and demystifying business continuity processes for those new to its disciplines and providing a benchmark of current best practice for more experienced practitioners. These features make the book useful to business continuity managers, IT professionals, IT security and control professionals, and anyone interested in the field of business continuity management. This book makes a significant contribution to the knowledge base of business continuity and risk management.

The book has two main sections, 26 chapters and four appendices.

Section one of the book provides an executive overview of achieving and maintaining business continuity and has chapters on key concepts such as what is being planned, what a business continuity planning strategy is, a crisis management perspective of business continuity, multilateral continuity planning, marketing protection as a justification for funding of total asset protection programs, operational risk management, and business strategy and business continuity planning.

Section two of the book is a how-to guide on planning for business continuity.

The book has an inherent limitation: a lack of continuity resulting from contributions by different authors. An introductory chapter on business continuity management would have made the book useful to a novice reader. Sample templates are provided in some of the chapters, but the book could be even more useful if templates and practical examples had been provided for all the chapters, as relevant. Further, the chapter on business continuity audit could have been more comprehensive and focused.

Editor’s Note

The Definitive Handbook of Business Continuity Management, 2nd Edition, is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit, e-mail or telephone +1.847.660.5650.

Reviewed by A Rafeq, CISA, CGEIT, CIA, CCSA, FCA, an IT governance and assurance professional from Bangalore, India, with more than 25 years of experience in various roles such as chief financial officer, chief information officer, IT implementer, IT consultant, IT auditor and COBIT® trainer. He has been a COBIT user and implementer for more than 12 years and is a well-known COBIT evangelist. Rafeq has made presentations on IT governance, IT assurance and COBIT implementation at ISACA conferences worldwide. Rafeq is a past president of the ISACA Bangalore Chapter. He has also helped with development of ISACA’s CISA® Review Manual.


The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute® and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2010 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.