ReBoot – Family Emergency Planning

A CIO's VoiceHaving been in corporate IT for more than a decade, I am intimately familiar with disaster recovery planning and business continuity planning. I have been through hundreds of tests and several emergencies. So I know the importance of emergency planning. My wife is also experienced in emergency medical planning having worked in hospitals and is an expert in dealing with emergencies.

Together we make a great team when it comes to emergencies. But most families don’t have this level of expertise or experience.

Case in point, last week my brother-in-law and his two kids got into a severe car crash on their way to the park. The accident occurred less than a mile from their home in their neighborhood. The accident could have been tragic but they were lucky and only had a few minor bumps and scrapes — the miracle of seat belts and air bags.

The chaos that occurred to notify family and friends became problematic especially with everyone spread wide and far.

Here are some steps that my wife and I have taken which should help in the event an emergency occurs.

  1. Carry an ‘In Case of Emergency’ (ICE) card in your wallet. I have mine written on the back of a business card and I carry it behind my driver’s license.
  2. Have 2 or 3 names of people (friends/family/neighbors) and contact numbers on this card. Try to include people that can handle themselves under pressure. During an emergency, especially a family one, emotions run high.
  3. Establish a family-calling tree. Everyone will want to know details, but if your family is large, you will spend more time on the phone explaining the same information than dealing with the emergency. Delegate this task to others.
  4. Establish a will. I know most people don’t like to think about it. But tragedy can happen in a blink of an eye. Establish what will happen to your estate or who your children’s guardians will be. Don’t assume this will be handle properly. These are important issues that should be addressed.

Let’s face it; no one likes dealing with emergencies. But they do happen because life happens. Put in place processes that can help you and your family deal with events and help you will sleep better at night.

Do You Have A Pandemic Plan?

The flu season is upon us and news reports are stating that H1N1 will be wide spread this season. IT executives should review and update their disaster recovery/BCP plans and if they do not have one, develop a pandemic plan.

As part of your pandemic planning the following points should be reviewed:

  1. If you do not have a plan you should develop one. All businesses, no matter how small, should have some type of plan in place to deal with operational disruptions.
  2. If you have a plan, review and update. Make sure your communication plan is also up-to-date.
  3. Have a staffing plan to deal with situations when 30-40% of your staff are out at any one time.
  4. Work with management to develop an action plan for critical actions you need to take within your company to continue to provide core services.
  5. Keep informed on local and national news about increase cases.
  6. Create a decision-making protocol for how and when you will ramp up your response when needed.
  7. Ensure that staff, especially executive staff, know what their roles will be.
  8. Encourage clear communications across you business units.

Disaster Recovery Planning – Part 2

You are in charge of your firm’s computer operations. It is your responsibility to keep things operational 24×7. But have you adequately addressed your disaster recovery needs? In my previous post Disasters from A to Z, I discuss types of disasters that might affect your operations. Disasters come without warning and with different degrees of severity, so it is best to be prepared and have a plan.

In analyzing your level of disaster recovery preparedness you should ask yourself these questions:

  1. My firm understands disaster recovery preparedness and we are prepared to recover
  2. My firm understands disaster recovery preparedness and we are not prepared to recover
  3. My firm understands disaster recovery preparedness but we do not want recovery planning
  4. My firm does not understand recovery planning

These are important questions to ask yourself because knowing which category you fall into is the first step to recovering from a disaster.

It can be argued that you can live without disaster recovery planning. This is true. In addition, disaster recovery planning varies from firm to firm, industry-to-industry, and level of technology dependence. So there is no one solution. You will have to develop a plan to meet the needs of your business.

Here is a quick model that might help. Ask yourself what are the key business functions in your company. Now list the IT and business resources that support these functions. Next, assume that you are no longer able to maintain the continuity of one of these functions because of a disruption (see Disaster Recovery-A Beginners’ Guide).

Now estimate the financial impact to this loss based on the length of the disruption- one-minute, one-hour, one day. Multiply this number for every business function you cannot maintain. You can now see the costs of a disruption to your operations.

So where do you start?

  1. Conduct a business impact analysis (BIA) to develop a “what if” scenario. This will help focus on areas that are critical.
  2. Get management approval and buy in.
  3. Define your minimum acceptable recovery configuration for your environment.
  4. Be detailed in your recovery steps. Everyone and anyone should be able to follow the plan.
  5. Cover all critical business units and their dependents.
  6. Ensure there is adequate staff to back those that are affected by a disruption including yourself.
  7. Keep the plan current. As changes to your environment occur, update your plan accordingly.

Finally, the most important part of disaster recovery planning is testing. This is where you can address deficiencies in your plan. Initial, the more testing you do the better. Once the bugs are worked out of your plan, future testing will go smoothly. Test Test Test. Have business units test and have your auditors review and provide comments.

An effective disaster recovery plan can ensure your business operations can continue with minimal zero interruptions.

Disasters From A to Z

It amazes me that in this day and age there are firms out there with absolutely no disaster recovery plan. I am not talking about a comprehensive 200-page manual but just a simple calling tree. How can any business operate without some level disaster recovery preparedness?

Let’s first define disaster. I would define a disaster as any event that adversely affects your operations. These events can affect your computer operations in any number of ways. Recovery back to normal operations can take anywhere from a few minutes to several hours.

Having worked in NYC for my entire career, NYC has been the center of many events. Many of which I have been through.

Here is a list of disasters that a firm should be prepared for:

Acts of God, Air-conditioning failure, Arson, Blackouts, Blizzards, Boiler explosions, Bomb threats, Bridge collapse, Brownouts, Brush fires, Building collapse, Chemical accidents, Civil disobedience, Communication failure, Computer crime, Disgruntle employee, Denial of Service, Earthquakes, Embezzlement, Explosions, Falling objects, Fire, Flood, Hardware crash, High winds, Heating/cooling failure, Hostage situation, Human error, Hurricane, Ice storm, Interruption in public service, Internet outage, Coup d’état, Pandemic, Water main break, Terrorism, Labor dispute, Lightning strike, Malicious destruction, Military operations, Mismanagement, Personnel non-availability, Plane crash, Phishing, Public demonstrations, Buggy software, Radiology accident, Railroad accident, Sabotage, Sewage backup, Snowstorm, Software failure, Sprinkler failure, Telephone problems, Theft of data, Transportation problems, Vandalism, Computer viruses, Water damage, Worms, Gas leaks

This lists gives you something to think about.