Computerworld - With the damage caused by Hurricane Katrina still fresh in the minds of many corporate executives, more than a dozen major financial services firms and leading vendors announced this week they are devising disaster recovery and business continuity standards to help companies gauge their preparedness for future disasters.
Led by the New York-based Financial Services Technology Consortium (FSTC), the Resiliency Maturity Model Project will for the first time create benchmarks and define terms for business continuity planning across all areas of a financial enterprise -- and even for companies in other industries, according to Charles M. Wallen, managing executive of FSTC's Business Continuity Standing Committee and the project's director.
"Katrina is one of many large-scale events that reaffirm the need to have strong business continuity plans and to provide a road map for third-party providers to understand what's needed," Wallen said. "We have to do a better job at raising the bar. The financial industry in particular is looking for ways to go outside the box with planning."
CitiBank and J.P. Morgan Chase & Co. in New York, Bank of America Corp. in Charlotte, N.C., and MasterCard International Inc. in Purchase, N.Y., are among the companies involved in developing the standards. The group also includes IBM, Carnegie Mellon University in Pittsburgh and the Disaster Recovery Institute International in Falls Church, Va.
Wallen said the project, which is expected to be completed by next spring, should give companies a road map to adequately plan and measure their resiliency against a set of industry standards. The project is in part a follow-up to the FSTC's Business Continuity Compliance Project, which was completed in June and pulled together more than 100 global continuity regulations into a single set of terms and definitions. In August 2004, the FSTC also led an effort among eight financial services firms and vendors that involved comparing notes on disaster recovery schemes.
Brian Finley, chief technology officer at PSSD World Medical Inc., a $1.5 billion medical supply equipment company in Jacksonville, Fla., said standards are good. But he knows many companies still won't bother to use them to prepare for disasters.
PSSD's Jackson, Miss., call center lost power and communications for a week after Hurricane Katrina pummeled the Gulf Coast on Aug. 29, and it had to be relocated to a disaster recovery facility in Atlanta owned by SunGard Availability Services. Finley said his company has tested the disaster recovery plan each of the eight years it has contracted with SunGard, but many other users don't.
"I've seen and heard of customers that never test. Even if you create a set of standards, somebody's got to buy into those standards and someone has to financially back the testing and documentation and the process and controls around it," he said. "Until you have that impetus at the business side, I don't think a set of standards is going to fix the problem."
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
