Many businesses believe that they are in little or no danger of losing their data stored in their computer system. The all too common attitude is that it is a waste of money to invest in a contingency plan because it may never be used. In addition, some companies believe that a contingency plan would, in most cases, be rendered useless, as each disaster is unique. These assumptions are often wrong or the reasoning is oversimplified.
The purpose of contingency planning is either to prevent the loss of important information or to decrease the impact of a disaster. By having a contingency plan, a company can be “up and running” in a matter of hours, days, or months, depending on the severity of the emergency. A company with a functioning contingency plan may diminish the risk of their business expirations. Without a plan, it may go out of business or bankrupt because it could not get operations back on track due to the loss of financial data and records. Contingency planning is not something that a company can install spontaneously; time must be taken to evaluate the company and its security methods.
ADVANCE PLANNING IS ESSENTIAL
The most difficult problem that a company faces when deciding to implement a contingency plan is the amount of advanced planning that needs to be done. The plan can incorporate anything from the most trivial, such as the loss of electrical power, to a more disastrous scenario, such as the loss of an entire computer system. It is often next to impossible to have a contingency plan that covers everything and considers all possible occurrences. However, a contingency plan can and should be used to mitigate the severity of an emergency.
DEFINING the RESPONSIBILITIES OF KEY PEOPLE
The paramount requirement in establishing a contingency plan is to define individual responsibilities in the event of an emergency and ensure that everyone involved knows what they are to do. In addition, the chain of command must be established and clearly stated so that the directions are understood and will not be questioned during a crisis. The authorized person must be immediately alerted and aware of the emergency in order to decide the actions to take. He or she then needs to contact the members of the recovery team, begin the stand-by, and salvage operations as quickly as possible.
The contingency plan itself is probably insufficient to deal with all the emergencies that could arise. Thus, the person in charge must not only be able to delegate authority, but must also rely somewhat on the actual contingency plans and the results of earlier recovery drills to expedite the recovery process.
PROBLEMS RESULTING FROM OUTSIDERS
Besides the actual destruction resulting from an emergency, other problems arise which have to be dealt with in order to survive. Such problems can include:
- media and police
- responsibility to the families
- opportunities for fraud
- looting or vandalism
- safety and legal problems
- expenses beyond those within the authority of the emergency manager.
In addition, it is a mistake to assume that those who are most effective under normal conditions are most reliable when a crisis occurs. Top management needs to give their support to those dealing with the emergency, and they need to help minimize interruptions to the recovery process or team.
CONDUCT CONTINGENCY DRILLS REGULARLY
Goodwill and familiarity will facilitate matters in a crisis. Familiarity with procedures is the reason for drills and rehearsals. Established backup arrangements always decay with time due to the changing environment--much like two managers adjusting their systems for their own needs. Unless the backup plans are checked regularly, the recovery plan will be of little use in a crisis. For example, when an emergency occurs, the stand-by site may have different hardware and software than that of the operating site. The time to update the hardware and software is hardly at the time of crisis. The required time needs to be allotted and scheduled for the recovery process, not the updating procedures. In the event of a crisis, the equipment suppliers are often the company’s best avenue of help by upgrading the stand-by system or configuration so that it can handle both workloads for a short time.
Software, operating manuals, and data are particularly difficult resources to replace. Copies of files and programs need to be stored where they can be retrieved quickly. In addition, they must be accurate, up-to-date, and have an authorized signature for release. The keeper (usually a librarian) is an important person to notify in the event of an emergency since he/she knows where everything is stored within the facilities.
DEFINING DUTIES BEFORE THE EMERGENCY
The recovery team will need other information such as which jobs are important and which can be suspended until the computer system is recovered. These people will need to know how to change the programs to cope with each situation and will, therefore, need access to programming, systems, and operations documentation.
If the contingency plan is to be effective and efficient, the employees will need to rehearse so that they are familiar with the system. If there are no rehearsals to go along with the contingency plan, chaos is inevitable. It is much better to have chaos reign during a rehearsal than an actual disaster; hopefully, the rehearsal will reveal previously undiscovered flaws in the plan. Should someone not know what the procedure is in the event of an emergency, then he/she should call someone who does.
GAINING TOP MANAGEMENT SUPPORT
Besides giving support to their subordinates, top management needs to be ready for possible pressure applied by staff through the computer system. Because top management is well prepared, they ought to be able to handle such threats as a mass resignation by vital staff, industrial action in support of a wage claim, or blackmail from someone who has access to vital data.
In order to be able to organize a contingency plan, the company needs to evaluate its needs and then choose a backup service that will fit. Several services might be utilized:
(1) Mutual aid agreements (also known as “handshake agreements”) are when one company agrees to provide backup facilities for another company and vice versa. For this plan to work, half of one company’s information processing workload needs to be disposable so that it will be easily absorbed by the other. Both companies need to consider the fact that in order to support one another, their own operations will be hampered.
(2) Commercial service bureaus may be used on an interim basis until another option is secure, but there are drawbacks. One is that priority treatment is not feasible, and another more serious one is that it does not preserve confidential data.
(3) Vendor backup facilities provide installation of specified configuration and allow selected customers the use of their facility in the event of a major breakdown in their information processing environment. The company needs to consider that the vendor’s facility will not match the exact configuration requirements of the company’s own system. The vendor’s primary reason for allowing the use of their facility is that it gives the company the chance to test software and application programs prior to the installation of their new equipment. It also gives the company a chance to test/use new software without disrupting their operations.
(4) Company multiple sites are becoming more popular because of the advantage of a corporate-owned dual site. This allows a reasonably smooth recovery process because each site’s configuration is designed to support the combined critical processing load of a company. The company needs to have established policies that dictate security standards, and the proper information processing environment needs to be clearly defined. In addition, the tasks involved need to be designated among a staff already familiar with the operations of the company. While this backup service is expensive, the cost may be justified if the company benefits from it.
(5) Empty shell facilities (or cold-sites) are also becoming popular. This service requires that a company maintain or contract for a fully prepared computer room for emergency use. These facilities maintain the computer environment, including electrical power, raised flooring, communication facilities, security system, air conditioning, humidity control, and storage and office space. They may also offer off-site record storage. If the recovery facility is located near an empty shell facility, then data is already where it is needed. Some companies also install motor generators, modems, cabling, and connectors.
(6) Dedicated contingency centers (also known as “hot-sites”) are a fully-equipped computer facility available for use in an emergency. Only the necessary hardware requirements to deal with the most critical applications are stored here. These centers are expensive, but the cost is not significant considering that the company’s operations can be “up and running” within hours after a computer outage.
7) Backup combinations need to be considered when evaluating backup services. The most viable back-up combination is the dedicated contingency center along with the empty shell approach. This allows a company the ability to be preparing the shell for occupancy while being able to process at the hot-site. If a combination approach is used, it must encompass a broad range of issues such as identifying critical applications, damage assessment, and evacuation procedures.
LIMITATION OF CONTINGENCY PLANS
Along with the evaluation of the types of back-up services from which a company can choose, the company needs to understand what a disaster recovery plan is designed to do. The plan is a special type of system that many professionals find complex and difficult to work with efficiently. It is known as an on-demand system that needs to be kept in readiness to perform in the situation in which it is needed. The system carries out the task while the plan to be followed remains feasible, current, and complete. It is intended to provide an orderly, efficient, and expedient way for reaching a particular result. The plan is only the tool to reach the result--but it is not the result itself.
When the contingency plans are shared with those directly involved in the recovery process, four key problems are usually involved in the recovery process:
(1) The people involved do not read the plan because they do not want to consider the potential devastations that may befall their company.
(2) The plan itself understates the severity of the impact of a disaster.
(3) The plan is not tested realistically on a frequent basis.
(4) The plan is usually not modified and/or updated to reflect the changes in the environment or weaknesses in the plan revealed through testing.
These problems show the inadequacies in the design of the system for carrying out the disaster recovery process. Therefore, in order for a contingency plan to be effective, everyone needs to be supportive of the plan and they need to know the system.
CREATING AN EVALUATION TEAM
To create a contingency plan, a company needs to have a team that evaluates the system. These members need to be from within the company or contracted externally. Together, they can identify the potential problems that may occur. If they perform separately, then their credibility and perspective may be questioned. In addition, there are groups and organizations which meet to discuss their problems with contingency planning. These sessions are helpful in that potential solutions are given.
Contingency planning is a crucial function of any business. Although planning involves both time and money, the results are well worth the effort and expense. Some crucial considerations are whether or not a company can afford to ignore the potential risks that it faces without having a plan to follow up on and if they can afford to lose money and possibly go out of business due to the negligence of top management. The results of ignoring the risks are too large and complex to not consider investing in contingency plans.
Dr. Forcht and Dr. Pierson are Associate Professors of Information and Decision Sciences at James Madison University’s College of Business.
This article adapted from Vol. 3 No. 3, p. 41.Printed In Summer 1990