DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 32, Issue 1

Full Contents Now Available!

The U.S. Gulf Coast suffered a one-two punch when Hurricanes Katrina and Rita barreled onto the populated coastline. Katrina, which struck August 29 near New Orleans, packed the biggest blow, with extensive damage along 90-miles of coast in Louisiana, Mississippi and Alabama. Rita roared ashore near the Texas/Louisiana border on Sept. 24, causing flooding and wind damage.

Katrina, a Category 4 storm when it hit landfall, has become the costliest natural disaster to occur in the United States. Experts say Hurricane Katrina caused about $35 billion in insured damage. When flood damage is included, the number could jump as high as $60 billion. Nearly 1,300 people died and thousands more were injured.

Early estimates for Hurricane Rita, a Category 3 storm, set the insured property damage at about $5 billion. This does not include flooding or offshore oil rig damage.

The business community was especially hard-hit when Katrina struck. Louisiana Governor Kathleen Blanco said the flood wiped out 40 percent of businesses. While some businesses may be operating in temporary quarters, many are in a holding pattern as they wait for federal assistance and insurance estimates.

Industry service provider Sungard Availability Services reported 128 alerts and 32 disaster declarations from Hurricane Katrina. With Rita, they had 153 alerts and 26 disaster declarations.

Emergency responders called into action after Hurricane Katrina were put to the test as they handled thousands of emergencies in less than ideal conditions.

Brandon Bond, team member with the Disaster Medical Assistance Team CA-6 gives a first-hand account of his experiences. DMAT is a volunteer team organized under the National Disaster Medical System and operates under the U.S. Department of Homeland Security to provide emergency medical care during times of disaster.

Bond, a disaster preparedness manager for Kaiser Permanente in Oakland, Calif., was deployed to Houston, Texas, with his team on Sunday, Aug. 28, one day before Katrina made landfall on the gulf coast.

Names have been changed to protect both the innocent and the guilty. I am looking at the business continuity plan for Company A. I am not working for Company A or any organization that would have Company A as a critical vendor – although Company A’s services most definitely fall into the “critical vendor” category. So why do I have the plan on my computer? Someone at Company A breached corporate security.

I’m Honest, But . . .
The information on my notebook basically is Company A’s disaster response plan. In truth, it’s a pretty good plan.
If I was working for an organization that had Company A as a critical vendor, I would be delighted to see the plan.
If I was working in the agency that regulates Company A’s business, I would be delighted to see the plan.
By the same token, if I was a disgruntled Company A employee, ex-employee, competitor, or just someone who wants to make a “statement” at Company A’s expense, the plan could be just the tool I need.
DRJ’s pages have been the venue for plan security on several occasions, but none of those occasions addressed the “public plan,” a plan which meets client and regulator requirements but maintains the level of secrecy needed to protect the Company As of the world from prying eyes.
We need to find a way to create this “public plan” as painlessly and economically as possible.

What Does a Planner Need to See

Obviously, a planner would like to see the entire plan, from proposal to final deliverable.

What better way to improve the planner’s effort than by looking at others’ work?

The question, however, is what does the planner need to see to develop a reasonable level of confidence that the organization for which the plan was developed meets all the requirements.

In today’s “24x7” technology-oriented and customer-centered world, customers expect organizations to maintain continuous availability and accessibility of products and services. As a result, managers must ensure that organizational processes and supporting systems continue to function in the event of disasters or severe outages. Business continuity planning, as defined by the DRI International and the Disaster Recovery Journal, is “the process of developing advance arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions continue with planned levels of interruption or essential change.” Done well, this planning process leads to business continuity readiness or the readiness of an organization for a disaster or severe outage.
This article presents the concept of perceived organizational business continuity readiness and the results of a research project that developed a tool to measure it. The questionnaire developed in this research is an assessment tool that managers can use to evaluate perceived readiness at both a firm level, and potentially, at an industry level. It is important to note that, since the questionnaire captures the perceptions of individuals about their organizations, this survey assesses perceived organizational business continuity readiness, not actual readiness.
We developed and tested this measurement tool using generally accepted statistical procedures for scale development proposed by Gilbert Churchill (1979). Our research steps are outlined in Table 1. The purpose of this type of research is to develop a comprehensive set of questions to measure a concept and then reduce the number of questions to a manageable number, with a minimum loss of information, while ensuring the validity and reliability of the resulting survey. In the following sections, after we describe the procedure for constructing and refining the measurement questionnaire, we demonstrate how managers can use it as a tool. We show how our results can help managers to assess the perceived readiness of their organizations, using norms developed for perceived business continuity readiness which are provided for several categories, including industry, size of the organization, and certification level and perceived expertise of the responders. We conclude by suggesting opportunities for future research.

There are two types of companies. Those that have already experienced a serious data loss and those that will. It’s just a matter of time.

Unfortunately, most companies think their existing data storage and back-up plans will protect them from massive data loss. Too often companies are caught unprepared or unaware of a hole in their process. When faced with data loss or corruption, the back-up archive is one of the most appreciated and loved objects in the entire universe. However, if backups only extend to the perimeter of the enterprise data center, a rude awakening may not be far off.

While we suspect this is true, we’re still faced with a perplexing problem: We’re now being forced to go beyond tradition enterprise data center backup – capturing users files on PCs, file servers, and various other forms of distributed and unstructured data – but we haven’t necessarily been given more resources or more time to do so. Effectively, we have more to do and less time to operate in to be sure our organizations can fully and quickly recover from a data-loss disaster.