By Stephen McGrady
Principal
There’s nothing like the unthinkable happening to make businesses realize that the unthinkable really can and does happen. This was the case with the 9/11 attacks, which not only collapsed two towers, but also left a significant part of lower Manhattan closed for business for quite some time. By 9/12 the necessity of preparing for disasters was at the forefront of every executive’s mind.
That said, disaster preparation is a multi-faceted endeavor. The two biggest aspects are known as Disaster Recovery (DR) planning and Business Continuity Planning (BCP). The following is a high-level introduction to both…
Disaster Recovery focuses on IT operations
Disaster Recovery planning aims to ensure that if something happens to your IT systems, such as a disk drive that contains critical data crashing, or even an entire data center going down, you’ll be able to quickly recover your data and get things back up and running.
Most DR plans are based on having servers at multiple locations, with data being replicated between these servers in near real time. So, for example, if a power outage takes out a company’s data center in New York, there will be another data center in Kentucky that’s ready to take over…and possibly additional data centers in other locations as well. More advanced DR plans take advantage of the cloud to distribute data and processing, thereby avoiding having single points of failure.
Disaster Recovery planning encompasses both the plan itself and regular tests to see if the plan actually works. Can you successfully failover your data to the secondary site? If failover process works, can you move everything back again?
Business Continuity Planning focuses on business operations
Keeping the IT system up and running is vital. However, if your computer systems are up but your people have no place to sit, you’re still not in business. What happens, for example, when your people can’t come into your call center to answer the phones? What if you can’t continue your pharmaceutical trial because you can’t get into the building? Every C-suite must be concerned with the business’ ability to continue operations during and after an emergency.
While DR planning has probably been on most organizations’ radar for decades, the focus on BCP really got heightened after 9/11. In fact, “tell me about your Business Continuity Planning” is now something that audit committees routinely ask C-level management. In addition, if you ever need to use the “prudent man” defense after something goes terribly wrong, you won’t have a leg to stand on if you didn’t have a Business Continuity Plan.
What kinds of emergencies does Business Continuity Planning address?
The list of types of emergencies that BCP needs to address can seem endless. BCP should address everything from natural disasters (earthquakes, fires, floods, blizzards, hurricanes), malware attacks and civil unrest to violence in the workplace (such as an active shooter situation), transit strikes, general strikes (which are more common in India and Europe), and much more.
A third aspect of disaster preparation
It’s important to note that Business Continuity Planning and Disaster Recovery planning are two legs of a three-legged stool. One addresses business operations, and the other addresses information technology. Leg number three is “alerts,” or what some people refer to as “sirens and ambulances.” This addresses the response to the actual emergency itself.
When something happens, such as a fire in the server room, how will you know it is happening? How will you alert a range of people (from others in the building to the fire department) that it is happening, get everyone affected safely out of the area, and procure medical treatment for anyone who was injured?
Conclusion
In my next article I’ll address a four-step approach to Business Continuity Planning, all four of which are part of CIOPS’ area of expertise. If you need help getting Business Continuity Planning in place at your organization, please call us today.
About Stephen McGrady
Stephen McGrady has served in technology vision and leadership roles, including Vice President of Services, Chief Information Officer (CIO) and General Manager, for over 20 years. Since 2006 he has focused on executive management consulting that enables business clients to improve performance through intelligent use of information technologies.
About CIO Professional Services
Based in the San Francisco Bay area, CIO Professional Services LLC is a top-rated Information Technology (IT) consulting firm focused on integrating Business and Information Technology. Our consultants are all hands-on executives who are veteran CIOs and Partners of Big 4 consulting firms. Companies come to us seeking assistance with their information technology strategy as well as for interim or fractional CIO / CTOs, and negotiation and program management/project rescue assistance.
