Disaster Recovery Journal- Volume 18, Issue 1 - Winter 2005 Issue

Return to the
Winter 2005 Issue

DISASTER RECOVERY
JOURNAL

P. O. Box 510110
St. Louis, MO 63151
(314) 894-0276
Fax: (314) 894-7474
Internet www.drj.com
E-mail drj@drj.com

EXECUTIVE PUBLISHER
Richard L. Arnold, CBCP
richard@drj.com

EDITOR-IN-CHIEF
Jon Seals
jon@drj.com

SENIOR EDITOR
Janette Ballman
janette@drj.com

ASSOCIATE EDITOR
Ed Pearce, CBCP
ed@drj.com

ASSISTANT EDITOR
Pamela Clifton
pamelaclifton@hotmail.com

COPY EDITORS
Jim Hammill, CBCP
Richard Sandhofer
richards@drj.com

ADVERTISING
Robert Arnold
bob@drj.com

_____________

Corporate

President/CEO
Richard L. Arnold, CBCP
richard@drj.com

Vice President
Robert Arnold
bob@drj.com

CONFERENCE COORDINATOR
Patti Fitzgerald, CBCP
patti@drj.com

CONFERENCE REGISTRAR
Merce Knese
mercedes@drj.com

CIRCULATION
Laura Baugh
laurab@drj.com

EXECUTIVE COUNCIL
Mike Croy, Forsythe
Jeff Dato, MBCP, KPMG
John Jackson, IBM
Edward S. Devlin, E.S. Devlin & Associates
James Hammill, CBCP, JMH Consulting Inc.
Pat McAnally, SunGard Availability Services
Brian Turley, Strohl Systems
Belinda Wilson, Hewlett-Packard

INTERNATIONAL
CONTACTS
England: Thom Hetherington
Business Continuity
Phone: 0161-237-1007
thomh@tempus.demon.co.uk
Japan: Shinji Hosotsubo
Crisis Management and Preparedness Organization
Phone: 03-3519-6270
fax: 03-3519-6255
hosotsubo@cmpo.org
Brazil: José Carlos Ferreira
Disaster Recovery Mercosul
Phone and fax: 011-3666-9506
jocaff@uol.com.br

Click Here for a Printable Version

The Crisis Facing American Business
Businesses’ Technology Shortcomings Leave Companies Vulnerable

By DAVID PALERMO

The results of a recently-conducted Harris Poll show there is a significant difference between perception and reality regarding the disaster preparation of the nation’s largest companies. While C-suite executives at Fortune 1000 companies tout their ability to access critical information when faced with power outages, hackers, viruses, and natural disasters, study results show they are not being completely objective in their evaluation.
Problems continue to persist in several key areas of disaster preparation. The majority of executives surveyed admitted to having experienced a disruption in their technology services over the past year. Three years removed from the Sept. 11, 2001, terrorist attacks and one year removed from the Northeast blackout of August 2003, many companies still have not taken proper steps to ensure the integrity and accessibility of their information.
This is a problem that has the potential to affect not only the companies themselves, but the customer base that depends on them. Without a solid information availability solution that gives its employees uninterrupted access to mission-critical systems and data, a company is running the risk of losing revenues, and ultimately customers, every time a disruption occurs. IT professionals who specialize in business continuity and information availability need to be cognizant of the disaster preparedness of business partners and vendors. Will their systems be up and running in the event of a disruption? If there is a disruption, can they provide critical goods and services with which you need to ensure your company is operating normally? No matter how well prepared your company is, are business partners and vendors doing their share of disaster planning?
Here are five key findings from the survey, along with some insights into what the findings mean for both the companies themselves and business partners and vendors.

Perception is not reality because executives graded themselves with a B, while substantial deficiencies exist in their disaster preparation practices.
The surveyed executives graded themselves with a B, which is a slight improvement from last year when executives graded themselves with a C+. While the grade improvement looks promising, a further look at the study reveals a rift between perception and reality. After the 2003 survey revealed 67 percent of companies were more prepared to access business critical information than they were prior to 9/11, 2004 results reveal that only 58 percent of companies felt they were more prepared than they were before 9/11. The disparities don’t stop there. More than one-third (38 percent) said they have not increased spending dedicated to disaster preparation since 9/11 and the Northeast blackout. Can companies claim to be more prepared if they have not dedicated an increased amount of resources to the task? If a business partner or vendor falls into this category, can you be assured that in the event of a disruption, the critical goods and services you need to be provided to you will be, in fact, provided to you? If you are a partner or vendor, does the cost of increasing your level of disaster preparedness outweigh the loss of business and customers you face if you can’t honor service-level agreements?

Compliance is a problem because nearly one-in-four (22 percent) respondents said their company did not meet regulatory requirements for business continuity, information security, and/or electronic records retention.
This statistic is extremely troublesome. Considering this was a survey of Fortune 1000 companies, and 96 percent of companies surveyed are publicly held, this issue of non-compliance is a cause for concern. Even after 9/11, the Enron scandal and numerous natural disasters that could have crippled a company’s infrastructure, there are still more than one-in-five publicly held companies without a proper back-up plan in place. In an era of elevated national security, this is more troubling than ever. Any public company – whether it is your company, a business partner, or a vendor – needs to meet the necessary regulatory requirements or feel the wrath of a government looking to restore the public’s trust in corporate America.
Companies know it happens, but still aren’t taking enough prevention measures as more than half (54 percent) of respondents admitted to experiencing a disruption of their technology services in the past year.
While the national study indicates there have been fewer disruptions than those companies surveyed on a regional basis (70 percent), disruptions have been happening often. Even though companies have recognized that disruptions in services happen, 30 percent of those surveyed have not tested the systems they have in place to assure access to business-critical information in more than six months. One-in-10 (10 percent) have not tested these systems in more than a year. Unfortunately, disruptions occur. The key to never going down in the first place is making sure information is always available. Your business partners and vendors should be testing on a regular basis to ensure when a primary system goes down, there is minimal downtime and minimal effect on companies that use its goods and services.
Disaster preparation is not “top of mind” in the boardroom because more than half (56 percent) of the respondents said their company discusses policies regarding access to business critical information either not very often or not at all.
Without the constant reminder of a large-scale disaster, it seems top-level executives aren’t paying enough attention to this matter. If top-level executives are not talking about disaster recovery and business continuity, can they be expected to provide the necessary resources to help create and implement adequate plans? Are your top executives talking about this? Are your business partners’ and vendors’ top executives talking about this? If they hope to have a long-term relationship with your company, they should be making sure they take all the steps necessary to ensure that should their company have a disruption, your company doesn’t notice.
Power outages (33 percent) were responsible for the most amount disruptions, followed by virus/security breaches (22 percent) and hardware failures (22 percent).
The Northeast blackout of 2003 likely caused the spike in power outage-caused disruptions. However, network security is still an extremely important issue as noted by the nearly one-in-four who responded that a virus/security breach caused the company’s last disruption. While power outages caused the most disruptions in the past year, respondents consider computer hackers (36 percent) to be the biggest threat to their company’s access to business critical information. The concern over hackers has doubled in the past year as has the concern over power outages, which at 20 percent, is up from 10 percent just a year ago.

The results of this Harris Poll paints a somewhat negative picture of the state of disaster preparedness on a national level. The findings of the survey conclude that American business is simply not doing enough to ensure the integrity and accessibility of its mission-critical data.

IT professionals who specialize in business continuity and information availability need to determine how prepared business partners and vendors are for a disruption. We need to look at our business partners’ and vendors’ disaster planning with as critical an eye as we look at our own disaster planning. As we all know, your customers don’t care why they didn’t receive their product or services. All they care about is the fact that you didn’t provide them with what you promised. Don’t let your partners’ and vendors’ lack of planning cost you customers.

David Palermo, vice president of marketing for SunGard Availability Services, leads the marketing strategy, research and communications functions. Palermo is a 17-year marketing veteran with experience in sales, product marketing, marketing communications and strategic planning in the consumer and high tech industries.