Tell us     what you think     Our Sponsors     Home

Print Friendly! Email This Article! Discuss NOW! "Growing" the Corporate Contingency Plan By Michael D. Cannon, vice president and manager of contingency planning, NationsBank Contingency planning is not a "project" that ends once the recovery manual is written and put on the shelf. It is a process that should be a corporate-wide "program" that continues to grow with the company it serves. In the not-so-distant past, contingency planning was necessary only for data processing. However, reality has shown that it is a necessity for every business function of an organization. In the 1970s, the terminology used to describe the process was "disaster recovery planning," and it included off-site backup of computer software and data files on magnetic tape. As computer systems became more sophisticated, however, and businesses became more dependent upon these systems, the computer hardware recovery process was born. In the 1980s, several computer vendors began offering "hot site" subscription services. These services offered compatible computers and peripherals to a subscriber for testing disaster recovery plans and for use in recovery in the event of a disaster. during those two decades, major disasters involving computers that caused corporate-wide problems actually were uncommon. However, the 1990s saw disasters such as earthquakes, hurricanes, fires, floods, bombs, and other crises that caused major havoc to several businesses' computer and network operations. Now, major corporations commonly spend millions of dollars per year on "hot site" services, and they test their disaster recovery plans two, four, or six times per year. The frequency of disasters and their potential ability to shut down company operations have caused concern among contingency planners and senior management about continued processing of critical business units. As a result, the "hot site" vendors now offer workstation recovery services. These workstations normally include a desk, a chair, a telephone, and a computer terminal or a microcomputer. The cost of subscribing to these recovery services is based on the number of workstations required to recover the critical business units and the cost of special equipment (e.g. Local Area Network (LAN) servers, telephones, etc.). Some companies are developing their own business unit resumption centers, using training areas, conference rooms, warehouse space, or unoccupied, company-owned office space. The key to business resumption is to make space available that is separate from the normal office building and can be easily wired for data and voice telephone lines. Plans for business unit resumption, as well as for data processing disaster recovery, are essential components of a comprehensive corporate contingency planning program. Also essential is appointment of a contingency planning coordinator. This person, whether he or she is full- or part-time, must have adequate resources to put the plan in place and to maintain it. The coordinator has to work well with all levels of personnel, from clerical to senior management The person should be very familiar with how business units and data processing operate within the company. What Can Happen The possibility for disaster within an organization is seemingly endless. Generally, disasters can be classified into four areas: Outages for data and voice communications. Local office or building floor damage. Significant building damage, but not an area-wide disaster. Area-wide damage, such as an earthquake or tornado. Once an event occurs that threatens to disrupt operations, specific procedures should be followed to determine what levels of the recovery plan need to be activated. In a disaster involving a local office, for example, operations might just be moved to another functioning office. In the event of a major crisis, however, the backup plan may include access to the alternate recovery facilities that have been pre-wired for critical equipment and communications. Such a drastic solution is critical for corporations that must provide non-stop processing capabilities for business units. For example, brokerage firms must be able to make trades of securities on a moment's notice. If a customer buys or sells securities expecting a certain price, late processing because of a disaster would not be acceptable. As a result, brokerage firms, major banks, and other financial institutions have developed contingency plans that allow them to mirror transactions through a duplicate computer system. In the event of an unexpected computer system outage, the mirrored computer system takes over immediately without missing a transaction. LANs A few years ago LANs and the effects of a disaster upon them were not a major concern of corporations. Today, however, critical application systems are processed on LANs within business units. Yet procedures for backup and recovery of these systems are lacking in many cases. Business units are developing their own processing centers at remote sites. But they are connected via telecommunication media to corporate headquarters. Therefore, telecommunications network contingency plans are an important part of the overall corporate plan. As other new technologies are introduced in the future, they, too, will be components of the contingency plan. Corporations also need to study how their companies' assets and business methodologies are linked to each other in providing critical daily support to key operations. Without timely recovery of the processes, customer service quality will be threatened. And when new departmental procedures or information systems, or modifications are under consideration, contingency planning should be part of the basic design criteria. Departmental managers should be required to include recovery procedures for any new or modified systems and procedures affecting their departments. Managers should notify the contingency planning coordinator of any changes made. Conclusion The linked environment of corporations, combined with the fact that disaster may take any form and strike at any time or place, requires a constant state of preparedness Unfortunately, some organizations do not put their corporate contingency planning in place until they are impacted by a disaster. But if the trend of disasters affecting whole companies' operations continues to increase, organizations will need broader contingency plans if they expect to conduct business with their counterparts. The process begins with a commitment by senior management, and appointing a contingency planning coordinator is a good way to begin showing that commitment. But more and more sophisticated contingency plans will be needed as information system technologies and telecommunication networks develop. And they'll need to be tested on a regular basis to ensure a swift recovery. Senior management must make it corporate-wide policy to institute and maintain a contingency planning program, and that program has to have the ability to grow with the company. Copyright © 1998 Bank Security & Fraud Prevention. Originally appeared in Bank Security & Fraud Prevention, Vol. 5, No. 1, 1/98 Current Rating For the Feature: Growing the Corporate Contingency Plan Total Ratings for this Feature: 0 Print Friendly! Email This Article! Discuss NOW!