there are two problems with that. first, people tend to forget what they
don’t rehearse. and second, the constant pace of technological and business
changes will render almost any plan useless within a couple of years if you
don’t frequently update it.
“Whatever you decided to do two years ago — do you still have the appropriate levels of technology to make it happen?” asks terry assink, group vice
president at brand Velocity. “Have you changed things, upgraded things or
moved functions elsewhere such that your plan isn’t valid anymore?” many
organizations today have a model that’s different from what they once had,
with fewer functions and less data on-site and more data residing in the
cloud. the effect is that a local crisis that interrupts communications and/or
power will pose a different set of problems than it would have in the past.
In particular, assink notes, the importance of maintaining an Internet con-
When Did You Last
Practice Your Plan?
nection has grown dramatically in the recent past. “We used to think about
the internal network and the outside network, and the outside one had a
secondary role,” he says. “now, they each have the same level of impor-
tance. a lot of the collaboration that goes on between employees and with
partners and customers is conducted over the Internet today.”
In addition to reviewing your business continuity plan at least once a
year, you should also practice it at least as often. communications provider
orange business services engages in unannounced audits to test business
continuity plans at each of its support centers. the company conducted just
such a test at its cairo location about a week before the egyptian uprising
started, curfews were imposed, and the government cut off sms and Inter-
net communications. With a well-rehearsed plan in place, orange was able to
swiftly move disrupted support functions to its other centers in India, brazil
and mauritius, and then smoothly return them to cairo nine days later, after
the Internet was restored and relative calm had returned.
International sos practices its business continuity and disaster recovery
plans at each of its 70 worldwide locations at least once every six months,
according to michael shea, executive vice president for It. “one thing we re-
alized when we first started doing this is that the first time we practice some-
thing, we are horrible at it,” he says. “When we go to set up a data center at a
disaster recovery site, whether hot, warm or cold, it never goes well the first
time. We need at least two practices to do it smoothly. so if we practice once
every six months, it takes us at least a year to get good at it.”
— mInda ZetlIn
Getting an answer proved challenging. First, there was no single
staff directory that covered the entire company and was kept up to
date with ongoing staff changes. Nor was there a single directory of
every person’s location and contact information. Second, even if it
existed, such a directory would not have included contractors, who
nonetheless fit within the CEO’s definition of “our people.”
Third, there was no central record of which London employ-
ees were on vacation, on leave or traveling that day, or — more
worrisome — which employees from other locations might be
visiting London. And finally, even for those employees who were
known to be in London and for whom the company had ad-
dresses and phone numbers, it was hard to make contact.
“Transportation was disrupted, cellphone service was down,
SMS was down, and it was very unclear for most of the day just
what had happened,” recalls Andrew Marshall, director of Con-sultifi, which helps companies understand business risks.
The company’s HR and IT departments weren’t able to provide a timely
answer to the CEO’s questions, he says.
“It turned into a conversation that
involved philosophy and technology as
well as HR,” Marshall notes.
There are several lessons any I T
leader can draw from this tale. First,
there’s no such thing as a safe location:
Disruptions can happen anywhere.
Second, it’s important to have a plan
that spells out what everyone’s respon-
sibilities will be and includes all the
information you’ll need. And finally,
systems, because “normal” methods of communication will likely
fail — especially mobile, which is quickly overwhelmed by the spike
in local demand that takes place during any crisis.
Concerns About Crisis events Grow
It would be impossible to think about events of the past 12 months
without having at least a few qualms over systems, data and employees, especially those outside the U.S., and the possible effect of
local unrest, epidemics, earthquakes or other hazards. Indeed, in
a 2010 survey of the 100 largest technology companies, 55% of executives reported worrying about “natural disasters, war, conflicts
and terrorist attacks.” When the same executives were again asked
that question in 2011, that percentage rose to 81%.
In this increasingly global and interconnected world, it’s easy
Crisis management isn’t
to see why they’re concerned. Power outages, weather events,
In fact, a significantly global opera-
just a function of senior
or midlevel management.
It needs to be known and
understood by everyone.
JonAthAn BAr, general manager of
global Infrastructure, InternatIonal sos