While watching television this past month, I saw a lot of notices about
taking “responsibility”. All the alcohol commercials remind you to
drink responsibly. Car insurance commercials want you to drive
responsibly, and don’t forget all the TV spots dedicated to financial
responsibility.
And it’s not confined to television ads. In the halls at work, I see
signs that read, “Security Begins with You” and “Remember, you are
responsible for ‘fill in the blank’”.
With all the reminders of what we are responsible for as individuals,
what I have failed to see is a lot of corporate responsibility when it
comes to the Continuity of Operations.
And what do I mean by that? Well, I mean there’s more to keeping a
company running than holding onto data. Don’t get me wrong… of course
that’s critical. But to keep operations running, you need to plan for
personnel, communications, systems, logistics… It’s a lot of planning
and it needs to be done well ahead of any bad forecasts.
Aren’t there regulations that mandate that kind of thing?
Well, Sarbanes-Oxley regulations are in place to ensure there is due
diligence in the financial marketplace. And FISMA mandates that
government agencies secure their data and systems, and ensure that
continuity of operations, disaster recovery and business resumption
plans are developed, maintained and tested.
So, I must be mistaken and corporate America has taken full
responsibility for identifying, minimizing and correcting its security
vulnerabilities. Right?
Sadly enough, not all businesses have stepped up to the plate when it
comes to the Continuity of Operations.
I thought after Hurricane Katrina ripped through the Gulf States, leaving
a wake of destruction, that all businesses outside the region would heave
a sigh of relief, and then quickly develop disaster recovery plans. After
that they’d work tirelessly on testing them and keeping them updated.
Some did. Many others did not.
And what about the businesses that were booming one day, and under water
the next day? Where were their Disaster Recovery and Continuity of
Operations plans?
Those who had their plans developed and in place were able to quickly
implement them… and their businesses survived. Those who did not, or
had not tested the plan for flaws, could not implement it successfully
when needed. And more than likely, they will not be able to recover from
the lost revenue.
With these lessons so fresh in our memories, I had expected IT
administrators from both large and small organizations to be screaming
for assistance in developing these business-saving plans. At least, I
expected to see administrators dusting off their old plans and procedures
and, on a good day, updating them and then putting those plans to the
test.
I am not sure any of that has happened.
When I speak with my peers, they say they have not seen this trend. Sure,
there’s more talk about disaster recovery, although most do not take into
account any of the business functions.
Business functions are as important to survivability as the company data.
In today’s environment, there are multiple sites that will take a
company’s data and restore it for them. However, data alone is not enough
to keep a company afloat. The people and processes are necessary to
manipulate the data into something meaningful.
For example, a unified command, chain of command, and span of control to
manage the disaster recovery response are critical. And so is keeping all
of that up and running… at all times.