Corporate governance is the system by which companies are directed and controlled. It is the way in which the corporate boards and officers set the policies and handle the affairs of corporations. Initially, the focus of corporate governance was to protect shareholders of the corporation, but with increasing emphasis being placed upon corporate governance and associated policies, current thinking defines corporate governance as a corporation’s responsibility to stakeholders (irrespective of share ownership).

This fundamental shift means increased importance on external influences (e.g., new government regulations) and the need for corporations to be proactive in responding to governance variables, as opposed to the typical reactive mode in years past.

The primary driver of corporations finally beginning to give governance issues priority was corporate scandals (Enron, Adelphia, Arthur Andersen, et al.) that shook the confidence of stakeholders and raised the ire of legislators on a global basis. The perceived and actual failure of corporate governance and internal controls and the regulatory focus on ensuring sound internal controls are established for at least the financial elements (auditing) of the organizations.

The most significant legislative trend is the reoccurrences of management accountability with significant civil and criminal penalties specified in the various regulations, should management fail to prove due diligence in protecting the corporate assets and reporting accurate information. Few at the most senior management levels will be able to claim ignorance with any hope of protection from civil or even criminal penalties.

You are the business continuity planner for a large financial services company having just completed an estimated three-year project to develop and implement a corporate-wide business continuity program. This program includes your corporate headquarters and non-corporate physical locations including subsidiaries. Life is grand! You completed your project a year early and under budget by one-third of estimated expenditures.

All 40 of your profit-centered business area vice president managers are thrilled and thoroughly knowledgeable about their area’s BCP, and they have ensured that all of their managers and staffs are equally knowledgeable. The vice presidents pester you to schedule tests for their plans and drop everything to attend to your quarterly update maintenance requests.

Senior management praises the benefits of having a corporate-wide BCP program in place and often invites you to lunch with them to discuss risk management issues.

When you come up with a new idea to improve your program, managers drop what they are doing, respond quickly and thoroughly to your initiative, and assist you in implementing, communicating, and training to make sure all company employees are aware of the change as soon as possible ...

When we think of Niigata prefecture in Japan, we think of exceptionally delicious rice, or perhaps the exceptional sake produced from that delicious rice, but not critical business infrastructure. However, when a series of large earthquakes struck the Chuetsu area last October, the business impact rippled across Japan.

The first earthquake struck the area, about 125 miles northwest of Tokyo, at 5:56 p.m. on Saturday, Oct. 23, 2004. Then, just 16 minutes after the first 6.8-magnitude quake struck at a depth of about 10 miles, a second, much shallower 5.9 magnitude earthquake caused even further damage and more horrific shaking at 6:12 p.m. A third major aftershock arrived in rapid succession at 6:34 p.m., followed by a fourth at 7:46 p.m.

During a period of four days, the area was rocked four times by 6.0 magnitude or greater earthquakes, and experienced 15 aftershocks strong enough to knock objects from shelves. In the ensuing weeks, traumatized residents were further terrorized by more than 800 nerve-jarring aftershocks of palpable strength.

Considering the number and severity of these earthquakes, the loss of life might be considered mercifully low. A total of 40 people were killed, and about 4,500 people were injured. Damage to property and infrastructure was quite extensive. Recent typhoon rains and floods had waterlogged the soil, which led to increased landslides.

Some 90,000 homes were damaged and nearly 3,000 houses were completely destroyed.

Damage closed many highways and roads, completely isolating some communities. All 2,167 residents of one village were evacuated by helicopter to a neighboring city.
Reports of multi-car collisions resulted in the immediate closure of all expressways in the prefecture, and one section of the major expressway in the area remained closed for nearly two weeks. All train service in the region was also halted, and heavy damage was discovered in tunnels and on elevated bridges. Five conventional rail lines were damaged, with restoration efforts mounting into weeks. High-speed Shinkansen or “bullet train” service into the region remained closed for more than two months.

With all the terms and abbreviations being used today regarding risk management – BCP, DR, EBR, RPO, RTO, SLA, etc. – a conversation about data protection and risk mitigation sounds like a bowl of acronym soup. And this stew of confusion is peppered with an urgent sense that such matters need to be addressed PDQ. In fact, major technology decisions are currently being made in an attempt to respond to pressing issues. But, at the same time, many still ask, “What does this all really mean? Why are people trying to sell me on a business continuity plan when we already have a solid disaster recovery solution in place? We bought four terabytes of storage this year, implemented a new storage area network (SAN) with all the built-in bells and whistles, and I back-it-up-to-tape. Isn’t that a disaster recovery solution?”

Viewing risk management through a clear broth rather than a pea soup requires keeping just a few basic distinctions in mind. 

With all the miles I log driving the vast Texas highways, sooner or later I know the odds will catch up with me and my car will end up with a flat tire. It may be an inconvenience, but I don’t worry because I always have a spare that will adequately cover my needs until I can replace the damaged tire. If only it were that easy traveling the information highways in today’s business world, where downtime of a mission-critical application can mean significant productivity and financial loss to a company and even an inability to operate at all. Many companies assume that they are covered with their own “spare” because they maintain replicated copies of critical applications and data.

For today’s businesses, a replication system – a second copy of corporate data that is stored in a remote datacenter to ensure data continuity and application availability – is a solution that must work 100 percent of the time. Period. Unfortunately, the reality is that most replication solutions are inherently complex and prone to failure. While replication serves an important function in the enterprise, it is important for IT executives to understand the most common causes of replication failure and to evaluate these against their own company’s efforts.