Bart Perkins: After Superstorm Sandy, an opportunity to be better prepared
Computerworld - It's a pretty safe bet that a lot of organizations in the Northeast are bulking up their business continuity plans (BCP) right now. That's because many of them were left in the rubble following Superstorm Sandy, and experience is often the best teacher.
If your organization escaped that disaster, you should let the experiences of those that got hit be lesson enough for you. Don't wait until it's too late; the whole point of a BCP and an information systems contingency plan (ISCP) is to be prepared before catastrophe strikes.
Unfortunately, we're all adept at postponing planning. Let's face it: ISCPs are not cheap, sexy or fun, and often they aren't even used after time, money and effort have been spent developing them. And we tend to think that a business-crippling disaster just isn't likely. The odds are indeed low. Category 5 hurricanes like Andrew (South Florida, 1992) are relatively rare, and the chances of one hitting New York are extremely slim. That's one reason why Sandy is so instructive.
Compare it to Katrina (Gulf Coast, 2005), which trumped Sandy in many ways. A Category 3 storm when it went ashore, Katrina caused damage that was assessed at $120 billion and led to 1,836 deaths. Sandy was barely a Category 1 when it hit the coast, and it caused $30 billion to $60 billion in damage and resulted in 109 deaths. But Sandy had a much bigger impact on business. The three states most affected by Sandy are home to 85 Fortune 500 headquarters, compared with 20 in the area affected by Katrina. Sandy's power outages affected 8.4 million people (and thousands of businesses), whereas Katrina left 1.7 million people without power. And Sandy's impact was felt throughout the world economy when it forced the closure of the New York Stock Exchange and many U.S. government offices.
In other words, a storm doesn't have to be a record-breaker in terms of strength to cause tremendous havoc. And businesses located along the coast aren't the only ones at risk. There are all kinds of disasters, including earthquakes, tornados, wildfires, tsunamis and blizzards.
I've heard people argue that ISCPs don't increase revenue, cut costs or create new services. That's true, but they can help to avoid costs and prevent devastating drops in revenue. And creating an ISCP identifies potential vulnerabilities, whose elimination strengthens IT robustness.
What's more, an ISCP can help with compliance. Increasingly, professional organizations and federal guidelines strongly encourage or mandate BCPs. For example, the National Association of Securities Dealers requires the creation and maintenance of a BCP. Sarbanes-Oxley Section 404 requires management to establish and maintain "adequate internal control over financial reporting." The inability to recover after full or partial outages could be considered noncompliance.
An effective ISCP project has four phases. First, fund it. Second, create a comprehensive ISCP. (NIST provides an excellent model.) Third, test it regularly to verify the integrity of planned operations and to ensure that employees understand their responsibilities. Fourth, update the ISCP periodically, to reflect infrastructure changes and add support for new services, such as BYOD, mobile access and big data. Beyond that, examine existing ISCPs to find holes in coverage. And don't forget supplier exposure!
With Sandy fresh in mind, take advantage of management's increased awareness of the threat of natural disasters. But act quickly; memories will fade. Develop an ISCP before this window closes.
Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners, which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com.
More by Bart Perkins
- Bart Perkins: How to keep projects on track
- Bart Perkins: Power to the people's devices
- Bart Perkins: Pester no more: How to handle the FCC's new rules on robocalls
- Bart Perkins: 3D printing is IT's next big challenge
- Bart Perkins: Benchmarking is great, when it's not a waste
- Bart Perkins: Global standards, meet local constraints
- Bart Perkins: Congratulations on your new supplier. Got a good prenup?
- Bart Perkins: Can't buy you love
- Bart Perkins: Jousting for jobs
- Bart Perkins: Unresponsive suppliers might just not be that into you
Read more about Management in Computerworld's Management Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- ERP in the Cloud and the Modern Business View IDC's White Paper, to review IDC CloudTrack Survey findings, gain expert insight into the challenges and opportunities the cloud presents, and determine...
- Study: Total Economic Impact of Google Apps Employees can work faster and IT spending can decrease when companies switch to Google Apps, says a commissioned study by Forrester Consulting. Going...
- Protecting Digitalized Assets in Healthcare Healthcare providers face an urgent, internal battle every day: security and compliance versus productivity and service. For most healthcare organizations, the fight is...
- Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing...
- Video surveillance for IT: maximum image quality, minimum bandwidth Join us on Thursday, May 8th at 1 p.m. EST when Willem Ryan, Senior Product Marketing Manager at Avigilon, will discuss how IT... All Management White Papers | Webcasts