The devastation caused by Hurricane Sandy should be a wakeup call to many organisations on the disruption such disasters can cause. This post highlights some critical questions that should be addressed to facilitate better preparedness.
Most of the Caribbean is within the hurricane belt, which means that from 1 June to 30 November every year, there is apprehension about the destruction major storms can cause. Although we are nearly at the end of this year’s season, and many of us might have already been breathing a sigh of relief, Hurricane Sandy, which struck Jamaica, Cuba, the Bahamas, and north-eastern United States over the last week, should have given us cause for pause.
As at yesterday, 30 October, 119 people were confirmed dead as a result of Hurricane Sandy, and the United States alone is estimating damage in the region of USD 10—20 billion. No doubt we have all watched the images showing the breadth and depth of the destruction experienced, and initial expectations, especially in the United States, is that normalcy would be restored in a few days. However, there is now a growing realisation that a full return to “pre-Sandy” operations might be several weeks away.
With just one month to the end of the 2012 hurricane season, and looking forward to 2013 and beyond, here are four questions that should be asked by managers and business owners when preparing an organisation for a possible disaster.
1. Does the organisation have a disaster plan?
Although the impetus for this article are the weather systems, specifically hurricanes and Tropical Storms, that are prevalent in the Caribbean, there are a broad range of disasters that organisations ought to consider, such as:
- fire
- floods
- earthquakes
- tornados
- civil unrest/riots.
Unlike hurricanes and Tropical storms for which there can be several days’ notice of their arrival, for those highlighted above, there might be a few minutes notice at best, in which to prepare.
A disaster plan allows an organisation to consider and implement steps that would help it to manage risk and mitigate possible losses associated with each type of disaster. In our July post, we discussed 5 important practices to ensure your electronic data survives a disaster. Those measures could be incorporated into a more comprehensive plan for the entire organisation.
As expected, a number of disaster plan templates are available online. However, it might also be instructive to contact your local emergency management (disaster preparedness) office, which should be able to offer some advice and may have available to share, more relevant or country-specific disaster planning tools.
2. What backup provisions have been made?
Although our earlier post, 5 important practices to ensure your electronic data survives a disaster, focussed on measures that should be implemented, primarily from an IT perspective, the points raised, to varying degrees, can be adapted to be applicable across the entire organisation.
- collecting and protect critical documentation
- backing up data
- having copies of all software
- storing data in a secondary location
- ensuring adequate provisions are made to protect the organisation’s equipment.
It is emphasised that the agreed measures should be dovetailed into a more comprehensive disaster plan, and of course, should be implemented well in advance of a disaster to ensure adequate preparedness.
3. What is the organisation’s continuity plan?
The critical question a business continuity plan should address is: “what measure can an organisation put in plan so that it ensure it is still operational during (as might be necessary) and in the aftermath of a disaster?” According to Wikipedia, business continuity is
… the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.
For organisations that offer essential products or services to their clients – especially international clients, who might not be similarly affected by the disaster as their supplier organisations – it would be vital for them to still be in a position to service those customers, to ensure their continued viability. Although there are international standards and agreed methodologies that can be used to guide the planning process, at its most basic, key questions that ought to be addressed include:
- If the organisation’s only office, or if one of its locations, has been compromised due to a disaster, what options might be available to ensure operations continue, at that location? At another location?
- If there are options, what provisions are necessary to establish a viable business continuity framework?
In a similar vein, it is also critical for organisations to examine business continuity as a customer – the goods and services the organisation requires other vendors to supply – and the ways in which potential loss of such inputs could be mitigated.
4. What is the organisation’s recovery/restoration plan?
In the longer term, and especially if an organisation’s premises has been badly damaged, it might be prudent to consider, and to devise a plan of action, on how the premises, and operations at those premises, may be restored in the days, weeks and months following a disaster. It should be noted that a distinction is being made between business continuity, and business recovery. With regard to the former, the emphasis is on establishing interim arrangements that allow an organisation to still operate, or to undertake critical functions in the anticipation of and immediately following a disaster. The latter speaks to the steps necessary for a more permanent recovery in the longer term.
With regard to business restoration, many organisations and landlords, rely on pay outs from the insurance policies they might have. However, processing of insurance claims can be quite a protracted, which means that the restoration of premises, and operations at those premises, could be unduly delayed, and ultimately lost.
The local business environment is becoming increasingly competitive and dynamic, due to the growing reach of international businesses, along with the impact of technology, particularly the Internet, on business. Hence organisations could benefit considerably from establishing a more comprehensive and targeted strategy to guide their recovery.
Image credits: Wikipedia
___________
*Sandy Wreaks Havoc on Internet Infrastructure*
Apropos, here’s a story that should extend our concept of infrastructure vulnerability.
http://gigaom.com/cloud/superstorm-sandy-wreaks-havoc-on-internet-infrastructure/
Carlton
The article is a great find, Carlton. It could explain some of the problems persons might experiencing in trying to connect with some US websites or with data centres based in the US. However, it also highlights, as you rightfully noted, infrastructure vulnerability, along with the need for more comprehensive disaster management and mitigation measures for core infrastructure, which often can be sidelined, or treated superficially, in the name of development…