Terrorist attacks and supplier meltdown give impetus to revisiting
business continuity plans.
September 2002: we are now some 33 months into the new millennium
and at the first anniversary of the horrific events of 11
September. What has this short period brought IT professionals?
We started the decade with our hearts in our mouths and our fingers
crossed as the clock hit midnight on 31 December 1999, hoping that
the years of effort on Y2K would not result in us having to invoke
our well-rehearsed disaster recovery and business continuity plans.
Since then we have seen terrorist atrocities, war with Afghanistan,
economic downturn, the collapse of the dotcom bubble and industry
giants such as WorldCom filing for Chapter 11 bankruptcy
protection. Just this week, we were apprised of the nuclear threat
from Iraq and faced with the consequences of another frightening
war. Where are all our disaster recovery plans now?
Y2K was years in the planning and within weeks most of us had
returned our well-thumbed contingency plans to the shelves. How
many of us have picked them up and analysed them since, factoring
in the more recent possibilities of terrorist attack or major
supplier meltdown. Will they still work or do we need to revisit
our assumptions?
In the wake of the past 33 months it is clear that IT professionals
are going to come under growing pressure to ensure that business
continuity plans are robust and, perhaps more importantly, that
supplier and technological investment is sound and reliable.
The problem we are all faced with is how we balance the risks. How
do we assess the risk in the first place and communicate it
effectively to our boards with the appropriate mitigation plans to
satisfy the concerns?
Perhaps the time has come for CIOs to consider appointing
individuals within their organisations focused solely on IT risk
assessment and mitigation. But, in reality, this will be difficult.
Economic pressures are forcing all of us to look at headcount, and
justification for what will be seen as a new function in IT will be
an almost impossible task. You can almost hear the finance
directors' groans now.
However, we are tasked with providing a robust, secure and reliable
environment that will allow our businesses to operate on a
continuous basis whatever the circumstances. Without this focus,
are we really sure we can cover all the bases? Should we be making
a case for these positions quickly and clearly to ensure we do not
get caught with our pants down?
When we all finally got to bed on 1 January 2000, no one could have
imagined what the next 33 months would hold. Did we ever believe
that an event such as the attack on the World Trade Center would
happen or that it could cause the devastation it did? Would we have
believed then that WorldCom would face the problems it is now
having and force us to revisit our networking strategies and
supplier investment plans?
Are we really prepared for whatever comes next or have we got
complacent since Y2K, despite all the recent events? We owe it to
ourselves and, most importantly, to our businesses to take stock
and ensure that we are.