Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

Now that we are approaching the home stretch, it’s time to focus on a few details and speculate. So, with the turn of a few pages on those new 1999 calendars, we note with some relief that Dec. 31, 1999 is a Friday. Ha! We have the weekend, plus the New Year’s holiday Monday. No sweat... three days to fix any glitches. So what do you do? How do you plan to effectively use this window of opportunity?

Each and every one of the organizations planning for the millennium rollover (MR), and a slew of other dates starting this year and extending into 2001, will look closely at the post-Christmas period this year. There will be more planning for the days from Tuesday, December 28, 1999 to Wednesday, Jan. 5, 2000 by organizations throughout the world than has been devoted to space exploration. No organization can afford not to consider what it will do during this period. To sit and wait without forethought is an invitation to law suits claiming a lack of due diligence. So let’s look a little more closely at these critical days and speculate on what might be happening.

Time is running out to fix the millennium bug. What will happen to your company if it is too late to fix every system, or you are not certain that everything will work properly in the new millennium? If you are responsible for business continuity, then you need a contingency management plan to protect against Year 2000 (Y2k) failure.

A Y2k contingency plan cannot take the place of fixing and testing your systems. Develop your Y2k contingency plan in parallel with any Y2k efforts. Communication must be synchronized between projects to leverage data collection, resources, preparation, response and recovery strategies.

A Y2k contingency plan is different than a traditional business continuity plan. It is written into any existing plan(s) to enhance protection from the Y2k crisis, viruses, failed upgrades, and software bugs. This methodology attacks the Y2k problems through failure identification, monitoring, alternate processing, upgrading, and litigation.

Introduction

There is no doubt the dynamics of the information marketplace are robust. Everyday, businesses not only generate a plethora of information, but also continuously receive it. Be it through scanned documents, desktop word-processing, e-mail, voice files, video files, incoming mail, etc., a given company’s information infrastructure is steadily bearing a heavier load. The agents most directly involved in causing this increase are internal and external forces—users and clients—which consistently demand quick access to relevant information. How to successfully manage this demand is the challenge Information Component Management is designed to meet.

Industry leaders tend to talk about the Year 2000 crisis as a technical problem that affects businesses throughout the world, with very little attention paid to the human element. But while the problem starts out in the computerized, date-sensitive information systems of companies around the world, the effects will ripple through every community a business touches – its suppliers, its vendors, its customers, and even its employees.

A big part of the problem is the "cascade effect," which means that even if your company has retrofitted all of its systems to be Year 2000-compliant, those you do business with – namely your suppliers and vendors and their suppliers and vendors – may not have. That cascading effect could interrupt your business, or in the worst case, effectively put you out of business.

"Take the manufacturing environment. Manufacturers are dependent on other companies for the supply of goods. Your suppliers may not have a plan to deal with the Year 2000, or their suppliers may not have a plan in place," says Richard Wnek, vice president of risk management engineering services at CIGNA International, a global insurance company headquartered in Philadelphia, PA. "You get down to the level of power supply or order supply of raw materials and if you don’t have those, you can’t make the subcomponents that go into the finished product. There is a tremendous interdependency."

At its core, the Year 2000 crisis is a unique computer problem. But ultimately, the cascade effect makes it a human problem. The cascade effect trickles down to the bottom of the food chain – a family in middle America that cannot live without electricity or heat, or an employee whose job is eliminated because her department’s systems were not deemed important enough to fix.

Is having a plan enough? NO!

In late 1997, as Corporate Contingency Professionals (CCP) we were charged with exercising recovery plans of diverse business units covering multiple states for a regional corporation. Our experience to date underscored an important fact. Although everyone talks about the need for recovery plan exercise, little is available on how to prepare for and conduct exercises.

Hearing industry buzzwords about exercises (plan review, tabletop, component, on-site, off-site, etc.) does not provide a roadmap. The question was where to start, how does one develop realistic scenarios and credible questions to exercise the plan document in a format of benefit to participants. It was a big challenge!

The critical elements of required information included definition and benefits of exercise types; practical approaches with limited resources; determing how each type was utilized; what was needed to start.

We quickly determined that a plan review was inadequate to address recovery requirements in event of an interruption. We were not knowledgeable about business unit resources, and they did not know how to prepare for a disaster. For those reasons, we focused our development time on use of a tabletop exercise.

This article provides a brief description of a tabletop exercise, a number of the format advantages and finally our suggestions for a successful project.