Home
Speeches & Seminars
Meeting Facilitation
Consulting Services
Alf's Articles
Alf's Resource Links
About Alf
Contact Alf

Alf's goes Luxury ... click to learn more!

 

Alf's Articles

Mitigate Business Disaster With A Recovery Plan

by Alf Nucifora

The recent destruction of the World Trade Center towers has brought to the forefront the whole issue of business disaster and the unplanned-for consequences of that disaster. While the majority of the Fortune 500 have developed business continuity and recovery plans, most small businesses have given it little attention. Yet, it is small business that needs recovery planning most of all. Data shows that 73% of businesses that suffer a disaster are out of business within three years. 43% don't even survive the first year.

The most devastating disasters are associated with fire, hurricane, flooding and earthquake. In most cases, it is not just the disaster that hurts but the inability to gain physical access in a timely manner…to literally get back into the building in rapid time in order to maintain continuity of operations.

Nowadays, there are a number of professional organizations that will help government agencies and businesses (of all sizes) design and develop strategies for recovery from a disaster or ensuring continuous functioning of critical business decisions. In fact, the Disaster Recovery Institute International (DRII) has certified 2,500 active Certified Business Continuity Professionals (CBCP) who consult in the business continuity and recovering planning practice.

The recovery plan itself deals primarily with recovery issues relating to physical plant, information technology systems and business processes. The planning process encompasses the following:

  • Identifying risks and vulnerabilities
  • Quantifying and qualifying business impact resulting from threat occurrences
  • Defining critical business processes
  • Designing recovery strategies
  • And detailing a plan specific to the client's business needs

In the risk assessment phase, all potential vulnerabilities are investigated including susceptibility to fire, post-disaster accessibility, computer virus vulnerability and categorization of information, data and files (mission sensitive vs. critical). The planning process also provides a recommendation on risk negation as well as a business impact analysis outlining the potential cost impact of each risk. Critical business processes are prioritized with scenarios designed for getting each critical process up and running in the immediate post-disaster stage. Some of these critical processes include replacement of computer hardware, software and office equipment, availability of duplicate files, reestablishment of computer intranets and urgent staffing needs including backup staff for each function and up-to-date contact information in order to track staff at short notice.

According to Virginia Miller, Director of Technical Solutions for Virginia Beach-based Metro Information Services, "The key is in defining those critical business processes that are essential to keeping a company in business and then developing a recovery system to keep the revenue coming in." As an example, in the case of companies that derive much of their revenue from phone or Internet customer ordering, the immediate reestablishment of phone and computer communication networks is of the utmost urgency.

Miller, who has provided business recovery consulting services to the US Department of Defense, US Department of Transportation, New York City Transit Authority, as well as the states Virginia, Florida and South Carolina, notes that the World Trade Center tragedy taught the business community a number of valuable lessons. In addition to the necessity of maintaining backup systems, the tragedy also highlighted the importance of media relations, particularly for publicly traded companies. Shareholders, investors, clients and vendors must be informed immediately as to how the damaged company will survive the disaster with reassurance provided that business will be continued as normal. Note how the financial services firms headquartered in the World Trade Center buildings were able to communicate a business-as-usual scenario within 48 hours of the disaster. The other learned lesson relates to the need to contact personnel quickly not just to verify their safety but also to mobilize replacement troops on an emergency basis. This calls for up-to-date staff contact information at all times.

For certain business sectors such as financial services and healthcare, a business recovery plan is mandatory. Banks and brokerages need it to satisfy SEC requirements; hospitals need it for the maintenance of emergency treatment. And, small businesses that are part of a larger business's supply chain, e.g., a vendor/supplier to an automotive manufacturer, must now have a recovery plan if they wish to maintain their favored vendor status or link in the supply chain.

What should a recovery plan cost? Depending upon the size of organization and type of business, most plans cost in the range of $25,000 - $150,000. And, responsibility for plan development no longer lies with the MIS department but where it should be…with the CFO or COO. Ultimately, the operating success of the company rests at their door. A business recovery plan will go a long way to guaranteeing that success.




© 1997-2009 Alf Nucifora. All rights reserved.
regarding any problems with this web site.
Site designed and maintained by  In The Moment Computing.