|
 In light of the recent events surrounding Hurricane Katrina, should this issue be back on the table? Asks Paul Kirvan.
How many of you remember the famous (infamous?) interagency white paper* jointly developed by the Federal Reserve System (FRS), the Office of the Comptroller of the Currency (OCC) and the Securities and Exchange Commission (SEC)? While it talked about developing sound practices to strengthen the resiliency of the US financial system, it caused a massive outcry when it suggested that companies consider locating backup/recovery sites 200-300 miles from primary operations facilities.
In light of the recent events surrounding Hurricane Katrina, should this issue be back on the table? Michael Marshall, operational risk consultant with Well Fargo Bank, suggests that now may be a good time to revisit this issue. "When we look at what happened with Katrina," he said, "we need to start thinking about the next big event, and our potential exposures because of where our recovery facilities are located."
The original document provided some excellent guidelines for business continuity professionals in addressing recovery site locations as well as other important planning issues. Now that Hurricane Katrina has captured everyone's attention, maybe it’s a good time to revisit the recovery site location issue. And considering that the human, financial and operational implications of geographically dispersed data centres - especially in a disaster - could be huge, it also makes good sense.
So what should you do? Consider the following activities before making any hasty decisions:
1. Determine how many internal recovery facilities are available, where they are located, and how much spare processing and data storage capacity is available. If there are no dedicated internal recovery assets, identify potential candidates for these roles.
2. Determine how many external recovery facilities are available, where they are located, how much spare processing and data storage capacity is available, and the cost for these facilities.
3. Determine senior management sensitivity to this issue, especially in light of what happened in the Gulf States. As always, senior management support will be required if it is necessary to invest in additional recovery capabilities.
4. Carefully consider human concerns in situations where a major recovery effort could relocate staff for extended periods of time.
5. Carefully consider operational, financial, competitive, and legal issues in which alternate operational sites may need to be used to keep the company in business.
6. Determine additional mission critical activities that should be addressed by alternate recovery sites, such as call centres and any other facility, operation, or process required to conduct business.
7. Take a close look at existing business continuity and disaster recovery plans to see how recovery site issues are addressed. If they are not addressed, or only in passing, use this as an opportunity to reintroduce them.
8. If a business continuity or disaster recovery planning team is not in place, take this as an opportunity to form a multi-disciplinary team and establish clear mission objectives, approval processes, reporting structures, etc.
9. Build and/or update your inventory of enterprise-wide information technology sites with a view toward identifying which one(s) could be expanded/modified/relocated to serve in a backup capacity.
10. Identify and initiate discussions with other relevant vendors to identify additional recovery assets and to compare alternatives.
MAKE A COMMENT
* The three agencies released the white paper in August 2002 and solicited comment from enterprises in the industry until October 22, 2002. It was entitled "Interagency Concept Release: Draft Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System." The document number is Release No. 34-464432, File No. S7-32-02. It can be viewed at the following location: http://www.sec.gov/rules/concept/34-46432.htm.
Paul Kirvan, FBCI, CBCP, CISSP is Editor-in-Chief, CPM Global Assurance and Member of the Board, the Business Continuity Institute.
pkirvan@witterpublishing.com
www.contingencyplanning.com
•Date: 16th Sept 2005 •Region: US/World •Type:
Article •Topic: Recovery facilities
Rate
this article or make a comment - click
here |
