Bart Perkins: After Superstorm Sandy, an opportunity to be better prepared
Computerworld - It's a pretty safe bet that a lot of organizations in the Northeast are bulking up their business continuity plans (BCP) right now. That's because many of them were left in the rubble following Superstorm Sandy, and experience is often the best teacher.
If your organization escaped that disaster, you should let the experiences of those that got hit be lesson enough for you. Don't wait until it's too late; the whole point of a BCP and an information systems contingency plan (ISCP) is to be prepared before catastrophe strikes.
Unfortunately, we're all adept at postponing planning. Let's face it: ISCPs are not cheap, sexy or fun, and often they aren't even used after time, money and effort have been spent developing them. And we tend to think that a business-crippling disaster just isn't likely. The odds are indeed low. Category 5 hurricanes like Andrew (South Florida, 1992) are relatively rare, and the chances of one hitting New York are extremely slim. That's one reason why Sandy is so instructive.
Compare it to Katrina (Gulf Coast, 2005), which trumped Sandy in many ways. A Category 3 storm when it went ashore, Katrina caused damage that was assessed at $120 billion and led to 1,836 deaths. Sandy was barely a Category 1 when it hit the coast, and it caused $30 billion to $60 billion in damage and resulted in 109 deaths. But Sandy had a much bigger impact on business. The three states most affected by Sandy are home to 85 Fortune 500 headquarters, compared with 20 in the area affected by Katrina. Sandy's power outages affected 8.4 million people (and thousands of businesses), whereas Katrina left 1.7 million people without power. And Sandy's impact was felt throughout the world economy when it forced the closure of the New York Stock Exchange and many U.S. government offices.
In other words, a storm doesn't have to be a record-breaker in terms of strength to cause tremendous havoc. And businesses located along the coast aren't the only ones at risk. There are all kinds of disasters, including earthquakes, tornados, wildfires, tsunamis and blizzards.
I've heard people argue that ISCPs don't increase revenue, cut costs or create new services. That's true, but they can help to avoid costs and prevent devastating drops in revenue. And creating an ISCP identifies potential vulnerabilities, whose elimination strengthens IT robustness.
What's more, an ISCP can help with compliance. Increasingly, professional organizations and federal guidelines strongly encourage or mandate BCPs. For example, the National Association of Securities Dealers requires the creation and maintenance of a BCP. Sarbanes-Oxley Section 404 requires management to establish and maintain "adequate internal control over financial reporting." The inability to recover after full or partial outages could be considered noncompliance.
An effective ISCP project has four phases. First, fund it. Second, create a comprehensive ISCP. (NIST provides an excellent model.) Third, test it regularly to verify the integrity of planned operations and to ensure that employees understand their responsibilities. Fourth, update the ISCP periodically, to reflect infrastructure changes and add support for new services, such as BYOD, mobile access and big data. Beyond that, examine existing ISCPs to find holes in coverage. And don't forget supplier exposure!
With Sandy fresh in mind, take advantage of management's increased awareness of the threat of natural disasters. But act quickly; memories will fade. Develop an ISCP before this window closes.
Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners, which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com.
More by Bart Perkins
- Bart Perkins: Forget the expense -- more secure credit cards are an opportunity
- Bart Perkins: A project staffing worst practice
- Bart Perkins: How to keep projects on track
- Bart Perkins: Power to the people's devices
- Bart Perkins: Pester no more: How to handle the FCC's new rules on robocalls
- Bart Perkins: 3D printing is IT's next big challenge
- Bart Perkins: Benchmarking is great, when it's not a waste
- Bart Perkins: Global standards, meet local constraints
- Bart Perkins: Congratulations on your new supplier. Got a good prenup?
- Bart Perkins: Can't buy you love
Read more about Management in Computerworld's Management Topic Center.
- The Growing Demand for Rich Media This white paper discusses how IBM Customer Experience Suite Rich Media Edition can automate rich media workflows, from collaborating with creative agencies and...
- The Next Generation Employee Experience This white paper from IBM, showcases five organizations that are strategically integrating emerging social software and tools with their existing investments and seeing...
- Jyske Bank extends brand message to more than one million visitors a month IBM WebSphere Portal software helps bank offer a clearly differentiated digital experience
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to... All Management White Papers | Webcasts