Taking lessons from disaster

Terrorist attacks and supplier meltdown give impetus to revisiting business continuity plans.

Terrorist attacks and supplier meltdown give impetus to revisiting business continuity plans.

September 2002: we are now some 33 months into the new millennium and at the first anniversary of the horrific events of 11 September. What has this short period brought IT professionals?

We started the decade with our hearts in our mouths and our fingers crossed as the clock hit midnight on 31 December 1999, hoping that the years of effort on Y2K would not result in us having to invoke our well-rehearsed disaster recovery and business continuity plans. Since then we have seen terrorist atrocities, war with Afghanistan, economic downturn, the collapse of the dotcom bubble and industry giants such as WorldCom filing for Chapter 11 bankruptcy protection. Just this week, we were apprised of the nuclear threat from Iraq and faced with the consequences of another frightening war. Where are all our disaster recovery plans now?

Y2K was years in the planning and within weeks most of us had returned our well-thumbed contingency plans to the shelves. How many of us have picked them up and analysed them since, factoring in the more recent possibilities of terrorist attack or major supplier meltdown. Will they still work or do we need to revisit our assumptions?

In the wake of the past 33 months it is clear that IT professionals are going to come under growing pressure to ensure that business continuity plans are robust and, perhaps more importantly, that supplier and technological investment is sound and reliable.

The problem we are all faced with is how we balance the risks. How do we assess the risk in the first place and communicate it effectively to our boards with the appropriate mitigation plans to satisfy the concerns?

Perhaps the time has come for CIOs to consider appointing individuals within their organisations focused solely on IT risk assessment and mitigation. But, in reality, this will be difficult.

Economic pressures are forcing all of us to look at headcount, and justification for what will be seen as a new function in IT will be an almost impossible task. You can almost hear the finance directors' groans now.

However, we are tasked with providing a robust, secure and reliable environment that will allow our businesses to operate on a continuous basis whatever the circumstances. Without this focus, are we really sure we can cover all the bases? Should we be making a case for these positions quickly and clearly to ensure we do not get caught with our pants down?

When we all finally got to bed on 1 January 2000, no one could have imagined what the next 33 months would hold. Did we ever believe that an event such as the attack on the World Trade Center would happen or that it could cause the devastation it did? Would we have believed then that WorldCom would face the problems it is now having and force us to revisit our networking strategies and supplier investment plans?

Are we really prepared for whatever comes next or have we got complacent since Y2K, despite all the recent events? We owe it to ourselves and, most importantly, to our businesses to take stock and ensure that we are.

Read more on Business continuity planning