Disaster Recovery Journal - Summer 2002 Issue- Contingency Planning Considerations Should Have Been Obvious

Return to the Summer 2002 Index

DISASTER RECOVERY
JOURNAL

P. O. Box 510110
St. Louis, MO 63151
(314) 894-0276
Fax: (314) 894-7474
Internet www.drj.com
E-mail drj@drj.com

PUBLISHER &
EDITOR-IN-CHIEF
Richard L. Arnold, CBCP
richard@drj.com

SENIOR EDITOR
Janette Ballman
janette@drj.com

MANAGING EDITOR
Jon Seals
jon@drj.com

COPY EDITORS
Richard Sandhofer
richards@drj.com
Pamela Clifton
pamelaclifton@hotmail.com

ADVERTISING
Robert Arnold
bob@drj.com

_____________

Corporate

President/CEO
Richard L. Arnold, CBCP
richard@drj.com

Vice President
Robert Arnold
bob@drj.com

CONFERENCE COORDINATOR
Patti Fitzgerald, CBCP
patti@drj.com

CONFERENCE REGISTRAR
Merce Knese
mercedes@drj.com

CIRCULATION
Laura Baugh
laurab@drj.com

INTERNATIONAL
CONTACTS
England: Thom Hetherington
Business Continuity
Phone: 0161-237-1007
thomh@tempus.demon.co.uk

Australia: Anthony J. Harvey
Journal of Business Continuity
Phone: 0011-613-953-0055-8
fax: 0011-613-953-0528
sector@notability.com.au

Japan: Shinji Hosotsubo
Quake Japan Co., Ltd.
Phone: 03-3215-2880
fax: 03-3215-2881

Brazil: Jose Carlos Ferreira
Disaster Recovery Mercosul
Phone: 55 11 3666-9506
conc2000@uol.com.br
www.drms.com.br

Click Here for a Printable Version

SEPTEMBER 11 ATTACKS

Contingency Planning Considerations Should Have Been Obvious

By DAN PERRY

Business recovery and contingency planning are frequently utilized terms where the requirements are normally misunderstood and, without exception, never completely implemented.

At my company, contingency planning responsibilities are currently unique by site, and further separated by category or function – i.e. information technology requirements are developed and exercised completely separate from facilities. Personnel bereavement and emotional issues have not been considered a part of the business contingency planning strategy.

The events of Sept. 11, 2001 proved that most contemporary plan’s primary inclusions are items such as corporate infrastructure, major IT data centers, hardware and extensive facility planning. All obviously of crucial importance in recovering a disaster riddled business. We now realize these make up only a part of the overall recovery pie. We must expand upon the obvious paradigm and think outside the proverbial box to establish total business impact, and ultimate recovery, in such situations.

It is necessary to also include such parameters as the loss of a key individual’s knowledge, the impact of unfamiliar work environments, employees’ obvious stressed state of mind, impaired ability to communicate or even the simple difficulties in commuting to and from work.

It’s difficult to imagine, much less incorporate into a business recovery plan, the amount of employee time and productivity lost, for instance, in hospital visits to injured cohorts or the staggering number of death services and funerals to be attended when thousands are impacted.

Simple things like having a place for a person to work, with a telephone and network attached desktop PC become incredible challenges.

During a time when an erroneous decision could possibly result in placing the entire company in jeopardy’s way, effective, level-headed decisions are expected from people who have just recently lost family, friends, cohorts, managers and acquaintances. Analyzing this in a calmer light would reveal management expectations, such as this, are totally unrealistic.

It’s easy, from an individual’s prospective, to define what portions of contingency planning are the responsibilities of IT and which portions belong to facilities and so on. However, many of the real issues can fall in the huge gray area lying between those, so called, obvious responsibilities.

It would be nice if each company had a contingency planning organization with corporate authority and worldwide responsibility. That organization could then take full responsibility for all activity necessary to guide the company through a period like the World Trade Center businesses are currently experiencing.

Painful lessons have been learned. It is now necessary for all of us (IT, facilities, emergency health services, purchasing, space planners, security, etc) to polish up our collective crystal balls and utilize the resources at our disposal to identify all conceivable activities of potential impact. This doesn’t mean we must commit to a multi-million dollar, automated recovery plan for each remote possibility; but we must, at least, have a comprehensive plan identifying the real business impacts and an approach for addressing each of them.

The plan must determine where each business function is going to be performed, who is going to do it and the availability of recovery equipment i.e. servers, phones, PCs, printers, copiers, faxes, as well as obvious factory equipment.

The plan must also provide an approach, when necessary, to quickly access trained, non-emotional personnel (managers and staff), who have, as a course of business, received continuous advanced cross-training, that will allow them to immediately step in and hit the ground running.

Today’s conventional organizational structure does not specifically identify business contingency planning as a corporate function. Consequently, the only way to accomplish this level of business recovery planning is to enlist, with management support, the involvement of multiple organizations. A task force should be formed from these participating groups with the main goal being a comprehensive business impact analysis to identify and quantify the value of each business critical corporate function.
My definition of a “business critical function” is, simply; to build and retain satisfied customers effectively. This requires:
• Designing quality product or service;
• Marketing and selling product or service;
• Creating quality product or service to design specification;
• Shipping product or performing service;
• Receiving payment for products/services.

If a function is necessary to properly perform any of the above activities, it is business critical and must be effectively performed through any type of adverse situation. We have to get better:
• Executive management involvement must be prevalent;
• Continuous multi site management and employee cross training should be the norm;
• Active, multi organizational task force must be formed, activated and gathered periodically to create and review any potentially new or changed requirements:
• Identify all business critical processes;
• Perform and periodically update an in depth business impact analysis.
• Total business contingency planning must be a recognized priority activity
• Disaster recovery exercise to be religiously conducted with realistic, specific disaster scenarios spanning the multiple corporate functions
• Contingency planning and exercise responsibility should be included in each responsible individual’s goals and objectives.

It will not be possible to accomplish all this overnight, but it is extremely important to expeditiously pursue this activity while the stark memories and repercussions of these terrible attacks are vivid in our minds.

Dan Perry has managed different computer support systems support organizations for more than 20 years. He has been in management with AMD for more than 13 years and currently holds the position of senior IT staff member responsible for IT disaster readiness worldwide.

To comment on this article, go to 1503-15 at www.drj.com/feedback.