Information Disaster Planning:
The Larger Perspective
By Susan Bulgawicz and Charles E. Nolan
The major disasters of 1989 have heightened business awareness of the need for sound information disaster planning. The San
Francisco earthquake, Hurricane Hugo, the AT&T brown out, and the unexpected December freezes in the South have not only
made national news, but also have prodded top management to review their plans to survive similar disasters.
Not all major disasters relate directly to the loss of paper, film, or electronic records. The Tylenol poisoning, the Challenger Disaster, Hurricane Hugo, and the recent San Francisco earthquake primarily threatened business operations and personal safety. In all these disasters, the rapid availability of current, vital, relevant information was essential to business recovery. However, the availability and use--rather than the restoration--of information were primary concerns in reestablishing normal business operations.
An information disaster plan is essentially a written, approved, implemented, and periodically tested program to identify, protect, and reconstruct/salvage an organizations vital and historical records. It also serves to establish procedures for the immediate resumption of business operations in case of a disaster.
All information disaster plans should have as their overriding purpose the survival of the business or organization. This aim is achieved first, by establishing programs to reduce the possibility or minimize the consequences of major disasters, and second, by setting up pre-established programs, including procedures and allocated resources for rapid resumption of vital business operations after a disaster has occurred.
An information disaster plan must take into consideration the larger business perspective. It must complement the business or organizations stated goals, objectives and strategic direction. It must be based on sound, cost-effective records and information management principles. It must tie together related programs in crisis management, security, risk management, vital records, and contingency planning. Finally, the plan must recognize and provide for the rapidly changing technology for creating, distributing, storing, retrieving, and disposing of information.
The people who develop, implement, and maintain information disaster plans come from many fields--data processing, risk management, security, and records management, to mention only a few. Whatever their background, the new development of information management programs has forced retraining and development of skills unavailable in the academic or on-the-job training of the recent past. Top information managers need to combine the skills associated with data processing, records management, word processing, libraries, archives, finance, risk management, and most recently, disaster planning.
Disaster planning is a growing component of comprehensive information management programs. The establishment of this journal and others similar to it, the establishment of the Disaster Recovery Institute, the increasing allocation of disaster prevention and recovery funds by businesses, and the proliferation of books and articles are indicators of this rapidly developing field.
THE BUSINESS PERSPECTIVE
The first element of the larger perspective is the companys unique goals, objectives, structure, products or services, resources, and limitations. The main purpose of an information disaster plan is NOT to ensure that a central records center or a data processing center survives, but rather to ensure that the business survives.
Understanding the business perspective means first of all that each department or function sees its relation to the total business operation and identifies its own particular vital business functions--those functions that are essential to the companys successful and profitable operation.
Crisis management, the highest form of business disaster planning, addresses the possibility that major sudden, unforeseen misfortunes may arise and threaten the companys personnel, facilities, reputation, or profits. The major components of a crisis management program are the provision for the continuity of authority during and immediately after the crisis; the establishment of a specialized team to identify, isolate, and manage the crisis; and the appointment of a company spokesperson to provide reliable, current information to the media, supervising government agencies, employees, stockholders, and customers.
In all major business crises, the major task of the information manager is to provide those with designated authority with the critical information needed to analyze and isolate the crisis so that business decisions can be made that will best serve the company and its customers.
THE INFORMATION PERSPECTIVE
An information disaster plan addresses information in all forms--paper, microforms, audio and video tapes, magnetic media, and, most recently, optical disks. Each medium has its own advantages and disadvantages in terms of identification, protection, and restoration. The plan also addresses the increasingly complex and costly equipment used to create, distribute, store and retrieve this information.
A comprehensive information management program rests on four foundation blocks, each of which has far-reaching implications for disaster planners.
The first foundation block is a commitment by top management to view information as a resource to be managed just as personnel, facilities, cash, and product development. Such a view includes the establishment of effective information policies and procedures and allocation of necessary personnel to direct all aspects of using and protecting information. Without this first building block, the information manager faces an impossible task in gaining top management support for his or her program.
The second foundation block is to view records in a life cycle. The life cycle of records is a complex model that sees each record in its totality from its creation, through its use, distribution, active and inactive storage, retrieval, and final disposition. Each stage of the life cycle is in turn shaped by the personnel, equipment, and technologies used to create, distribute, store, retrieve, and dispose of the record.
The third foundation block is a clear, concise classification of all records by records series--records created, stored, retrieved, and disposed of in the same way. The identification of records series demands careful development of a classification system that meets the unique needs of each company. Without record series, the information manager faces the impossible task of determining where, why, and how long individual records must be kept.
The fourth foundation block is a records retention schedule, indicating for each records series its department of origin, title, medium, storage equipment, active and inactive storage location and duration, access restrictions, and final disposition. Final disposition can be either destruction or transfer to archives or some similar protected storage location.
Records retention schedules are a joint effort between operating departments, tax and audit personnel, legal counsel, records management, and, where pertinent, data processing departments. Records retention scheduling is among the most difficult of tasks of information management, for it demands a joint effort to arrive at a practical business decision on the value of each records series (and thus each record). Non-existent or inaccurate records retention schedules can result in costly liability exposure or needless protection of outdated records.
These four foundation blocks provide a sound information perspective for developing an information disaster plan. Each building block ensures that the plan is both efficient and cost-effective.
RELATED BUSINESS PERSPECTIVE
An information disaster plan is comprehensive. It not only takes into consideration information in all its forms, but also incorporates all related company programs. The main programs that are closely interwoven with the information disaster plan are security, risk management, vital records, and contingency planning.
A comprehensive business and information security program should be intertwined throughout the information disaster plan. Without preexisting security programs to prevent unauthorized access to, use of, and destruction of information--particularly proprietary information--a disaster plan will be ineffective.
A risk management program is usually the domain of the insurance department. Risk management seeks to protect organizational assets and provide adequate liability coverage. The risk management program identifies potential risks and places dollar amounts on these risks. Information disaster planning adds another perspective and dimension to company insurance.
Vital records are those records needed to ensure the companys survival in case of a disaster. Not all records need to be protected and saved. A vital records program includes identification by record series of those records--paper, film, electronic--that are essential to a companys continued operation in case of a disaster, and develops programs to protect these records.
Contingency planning has traditionally been the domain of data processing. Because of the unique nature of such records, special programs have quickly evolved to protect and restore these records--programs that demand a special expertise. Both in-house and commercial programs have developed hot and cold sites for data processing restoration, alternate telecommunications facilities when usual lines are unavailable, and specialized personnel to assist in the recovery effort. Most importantly, such programs fit data processing restoration into overall business objectives and priorities. Monthly payroll and billing require that such priorities be constantly reviewed.
Disaster planning brings all these existing and projected programs together into a single, comprehensive program that is both efficient and cost-effective. As everyone who has dealt with an insurance salesperson is aware, no individual or business can provide for every possible disaster. A disaster plan provides reasonable programs to deal with probable risks.
THE NEW TECHNOLOGIES PERSPECTIVE
Ninety-five percent of all recorded information is still stored on paper. However, new technologies are continuing to provide cost-effective alternatives to paper creation and storage. Information disaster plans must not only address current information, but also look to the future. All such plans must include and provide for the new technologies.
Microforms (microfilm and microfiche) have been an integral part of managing active information for more than three decades. Their original use to protect records has long been complemented by systems to use active storage space more efficiently, allow more rapid retrieval and use, and provide for easier duplication. The integration of microforms and computers in CAR (Computer-Assisted-Retrieval) systems has further enhanced microforms use in effective information management.
Computers have revolutionized not only the management of information, but the very way we live. They are the single most important element in the information revolution whose initial stages we have all experienced and whose implications we can only imagine. The rapid expansion and development of microcomputers has provided new possibilities for coping with business disasters in general and information disasters in particular.
Optical disk storage, still in its initial implementation stages, offers new and exciting possibilities for total information management. Electronic funds transfer and electronic mail (E-Mail) are challenging traditional approaches to information protection.
The new technology also includes procedures and trends in using the rapid advancements that are constantly taking place. The proliferation of microcomputers and consequent decentralization of data processing procedures have vast implications for disaster planning.
The ever-expanding field of disaster planning provides new challenges to the information manager, whether his or her title be MIS director, records manager, data processing manager, or vice president of information services. Successful information managers will keep their own specialty in perspective and become familiar with the traditional knowledge and skills of other information fields. While many turf battles lie ahead, those who manage information best will eventually emerge as the information leaders of the 1990s. They will also develop, implement, and maintain the information disaster plans that form part of successful management policies and programs to ensure that businesses will survive during and after a major disaster.
Susan Bulgawicz, CRM, is Director of Administrative Services, Enron Corporation, Houston Texas. Charles E. Nolan, CRM, CA,
is Associate Archivist & Records Manager, Archdiocese of New Orleans. They co-authored the 10,000 member Association of
Records Managers and Administrators technical publication on disaster planning, 1988.
This article adapted from Vol. 3 No. 3, p. 13.
DR World Main Index | Return to DRJ's Homepage
Disaster Recovery Worldİ 1999, and Disaster Recovery Journalİ
1999, are copyrighted by Systems Support, Inc. All rights reserved. Reproduction
in whole or part is prohibited without the express written permission form
Systems Support, Inc.