"I keep six honest serving men(They taught me all I knew);Their names are What and Why and WhenAnd How and Where and Who" (Rudyard Kipling, from ‘The Elephant’s Child’ in Just So Stories).
Apart from being a well-known childhood poem, this isn't a bad way to approach your business continuity (BC) plan. In order to cover any eventuality, you need to go back to basics - and these six questions do just that.
In the past, most of us believed that the worst wouldn't happen to us. But as we watched the events of September 11 unfold, the reality was brought home to us - we do need to prepare for the worst, albeit in the hope that we will never have to put those preparations to use.
Any organization, from the tiniest SME to the largest multi-national corporation, needs to have some sort of BC plan in place. Not just in case of terrorist activity - that still accounts for a very small number of disasters. Much more common are power problems, hardware failure, fires and floods. But it is a harsh fact that 40 percent of businesses that suffer a disaster will close in less that two years without a BC plan in place (Gartner Group).
Naturally, the scale and scope of the plan will differ according to the size and needs of the organization, but the principles remain the same.
The first step in any BC plan is to perform a business impact analysis (BIA). That identifies the critical functions of the company. You should ask yourself what the most important business application is - what would you need first and foremost to keep your company up and running?
For a company that trades solely online, for example, its web site is absolutely critical to its survival. For an insurance company that relies on its telephone-based agents to deal with new policy quotations, existing customer queries and claims, then the call center that houses them, and the telephone connectivity which allows them to do their job, are the most critical business applications.
Once the BIA has taken place, a strategy should be developed that takes these into account. For a small business, this might involve simple disaster recovery solutions - backing up data on a daily basis, taking backup tapes or other media offsite, and being able to test your ability to recover the data stored on them if necessary. However, the company that trades only online might require a high availability solution, where a mirrored web site is hosted and maintained elsewhere. If the original site goes down, any traffic is transferred to the second one without any interruption to normal service.
A plan is not a plan unless it has been tested, so regular practice runs should be carried out. This ensures that the BC team is ready to initiate the plan at a moment's notice, and allows any creases in the plan to be ironed out.
Far from being a static manual the size of Encyclopedia Britannica that sits on a shelf in the corner of the office, the BC plan should be concise, constantly improved and updated to ensure that it develops according to the needs of the organization.
The next question to ask concerns when to actually invoke the BC plan - when is a disaster not a disaster? That's not as daft a question as you might think. Clearly a fire, flood or bomb attack would require immediate invocation. But a disaster can quite literally creep up on you - something like power failure, inconsistent system problems, or the air conditioning breaking down and affecting the mainframe or server system. In those scenarios, where the disaster is so difficult to spot, when should you decide to put the BC plan into action?
There may be a cost associated with invoking the plan - in terms of time and money. Firstly, there is likely to be some downtime. You may need to employ third-party organizations, such as the emergency services and assessors. Staff will be required to carry out their roles in the BC plan, when their time might be spent better doing something else. Announcements need to be made to the press, customers, suppliers and shareholders - which may spark a crisis of confidence amongst stakeholders. All of these things have financial implications.
It is therefore necessary to quantify and qualify the potential impact of invoking the BC plan. If the decision not to invoke is made, then a review meeting should still be held in order to discuss the lessons learnt from the experience. The plan can then be adjusted as necessary.
So, the decision is made to invoke the BC plan - what do you need to do next? Amongst other things, the plan should contain an outline of roles and responsibilities, contact details for staff, telephone numbers for any third-party organizations that may be involved, insurance details, etc. One large high-street retailer involved in the IRA bombing of Warrington, northern England, in 1993 had a 'battle box' for each member of the team - containing a copy of the plan, coins for public payphones, pens, paper and other important documentation. When the alarm was raised, staff picked up their battle boxes and leapt into action.
The responsibilities of the team fall into various categories. Firstly, situation analysis - the team leader should be able to assess the situation, investigate the likely prognosis and evaluate possible actions.
Secondly, the decision-making process should be defined within the plan, as it may differ from the normal corporate procedures and restrictions. The BC team, for example, might be given more spending power - a £5,000 check limit instead of a £1,000 - in case essential equipment needs to be replaced immediately.
Communication also appears high on the 'what' priority list. Corporate announcements will be made in association with the PR agency and/or the corporate affairs department, so that customers, the press and other interested parties are made aware of the situation.
Internal communications are also vital. Employees are likely to be just as worried and concerned, particularly if the disaster involves injury or loss of life. The caring approach will be the most effective one. A client involved in the IRA Manchester bombing of 1996 was phoned by her manager to ask her to come back to work. It became apparent during the course of the conversation that he had no idea that she had been injured in the blast, and that she was having her stitches out about the same time as he wanted her back on the shop floor. Take a moment to imagine how she felt at that point.
If the incident is not a serious one, the question of where to locate the BC team may not arise. However, if access to the normal site is restricted or if access is banned completely, where are you going to put your staff, and where will the BC team operate from?
Standing everyone in the car park for a quick fire drill is one thing, but putting them there for hours on end while the initial crisis is dealt with and systems are recovered might not be feasible in the middle of winter or in the pouring rain. Full recovery of systems can take days, and there needs to be an interim site in the meantime for business-critical staff. The BC team needs to have access to a telephone and a fax machine at the very least to be able to perform their roles effectively.
Some of SunGard's customers are able to use our work area facilities for a period of weeks - often those that need their call center function to be up and running as soon as possible. IT systems and phones can be made available in one of the centers at the flick of a switch - direct dial numbers remain the same, and the desktop looks identical to the one that the employees would normally use.
Security of the incident site is also an important consideration to make at the planning stage. The headquarters of a large IT company based in Basingstoke in southern England caught fire some years ago, and when some men turned up in a van to recover the salvageable equipment, nobody thought to question them. Unfortunately, they were nothing to do with the recovery plan, and the equipment was never seen again.
Finally, possibly the most important part of BC management is the human element. One company affected by the attacks on the World Trade Center last year lost its entire team of six BC experts. One would hope that a disaster of that scale never happens again, but that example does teach us the importance of having team deputies who are aware of their responsibilities and are involved in the planning and testing process.
The simple things are worth considering as part of the plan. If the building was destroyed and staff were to be transported to an alternative location, who is going to be on hand to pay the taxi fares? If people are going to be working odd hours in an unfamiliar place, will food and drink be provided for them? Relatively small gestures such as these on the part of the company will keep the staff motivated, and help the recovery plan to run more smoothly.
It's safe to say that the key to effective BC lies at the planning stage. While it is clearly not possible to plan for every single disaster before it happens, using the six question areas forms the basis of a generic plan, which can then be tested according to different scenarios. Add a large dose of common sense, and we're back to Kipling:
"If you can keep your head when
all about you Are losing theirs
and blaming it on you; ...
... you'll be a man my son."
(Rudyard Kipling, If)
Keith Tilley is U.K. managing director at SunGard Availability Services (www.sungard.com).