CIO’s Three BC/DR Lessons from Super Storm Sandy

Read quite many touching stories shared by folks who were experiencing Super Storm Sandy this week in East Coast, besides showing empathy to them, we may all learn quite a few lessons, on one hand, technology is advanced enough to predict weather one week ahead, to allow people have pre-crisis communication & management, well preparation and minimizing the loss and damage; On the other side, we may all need feel humbled, as human is “powerless” when meeting power of nature.

And for IT leaders, business continuity, risk resilience and work flexibility are all important lessons to learn.  As a CIO, how do you go approach your business continuity plan? What’s the thought process, and what goal do you wish to achieve?

1. Business Continuity is the establishment of processes, supporting documentation, etc

Business Continuity (BC), describes all of the processes that would need to be executed to make a hot site live along with supporting documentation that is supposed to be "idiot proof" meaning that anyone can restore normal business operations regardless of prior experience, periodic reviews of the processes and documentation for correctness, periodic tests of the BC process, etc.

Tactically, first thing to do is to establish which systems are critical to business continuity and concentrate your efforts on these, to help a business rapidly recover in the event of a complete outage up to and including the demolition of the premises where your business is housed. As such, there is no solution per se that will help you institute this. Instead, you need to educate yourself on what is included in the definition of Business Continuity, take the time to educate management so that they support your efforts, and then go through the process of developing and practicing your Business Continuity plan.

Strategically, Business Continuity (BC) is integral component of business Risk Management, or step further, risk intelligence and risk resilience. But BC strategy shall constantly evolves tactical steps need to be in line with the long term goal. Which is why emerging IaaS or hybrid cloud is a good BC solutions because they fall in line with business’s long term BC strategy of having a totally fault tolerant environment that has BC totally built in.

Furthermore, BC is not just technology issue only, it's about how to align people, process and technology more seamlessly; it's also not only IT responsibility, it's both board room and front desk's priority, Thus, the BC's goal need be consistent with your business goal, how to run business with agility, elasticity, flexibility and resilience., etc

  

2. Disaster Recovery (DR) is essentially a logical restore of a previously made backup

If BC is the holistic enterprise view of dealing with all types of corporate assets while DR typically is IT asset related.

Technically, many organizations are pushing more and more stuff to "cloud" because of the inherent risk tolerance that it provides and the reduction of additional systems to maintain and backup specifically for BC/DR plan. In addition, ensure that the DR site is geographically disparate. In other words, ensure that both data centers cannot be affected by the same event. So, for example, if your production data center or cloud is based on the East Coast, ensure that DR is located on the West Coast.

More specifically:

• The development of a formal Disaster Recovery Plan (DRP) that meets the needs of the business is a complex process that requires specialized knowledge and information

• Ensure that your DR actually works. Regular DR tests should be conducted -- and this means more than once a year.

• Ensure that you have a enough compute capacity to run your business critical solutions and connectivity is sufficient.

• Ensure that everybody knows what to do in the event of a DR. There is little point in replicating your entire compute estate if nobody knows how to access it.

3. Work Flexibility

Hurricane Sandy is forcing a lot of people to work at home, it may also demonstrate to management that telecommuting works with benefits such as reducing greenhouse gas emissions, saving energy, reducing paper usage, or adapting to weather change, flexible working environment can also make business more resilient and improve staff’s satisfaction.  

Crisis Communication & Management:  what management did and should do during a crisis. Do your customers need to hear from you during Hurricane Sandy? Many writers share best practices from companies that are handling communications in a helpful and dignified way.

Posted in: CIO Debate,GRC