Downtime During Hurricane Season Isn’t a Foregone Conclusion
Five years have passed since Hurricane Katrina, one of the most deadly and costly hurricanes on record, devastated the Gulf Coast. While the southeastern coast is still recovering from the damage caused by the 2005 hurricane season, the National Oceanic and Atmospheric Administration’s (NOAA) Climate Prediction Center is warning of a 2010 hurricane season eerily similar to 2005. Citing all-time high sea surface temperatures in key areas of the Atlantic Ocean, as well as the El Niño cycle, NOAA predicts that the 2010 season will most likely produce 14 to 23 named storms, eight to 14 hurricanes and three to seven major hurricanes (category 3 or stronger).
Faced with this alarming forecast, many organizations are asking what they can do to keep functioning during a major disruption such as a hurricane. Most organizations are aware that developing a disaster preparedness plan is important, but key components are often either overlooked or not fully tested. As a result, organizations risk lost data, lost productivity and, in the case of government agencies, poor service to citizens urgently in need.
Just as a solid foundation is crucial to a long-standing structure, so is information technology (IT) to business operations. Developing a solid and proven disaster preparedness plan is key to maintaining an IT infrastructure that can withstand the storms. The following business continuity checklist can help organizations take the first steps to avoid costly downtime, reduce inconvenience to users, and prevent disruption of critical services provided by the organization to the public:
· Assess your current plan and prioritize essential services. Conduct a business impact assessment that prioritizes critical processes for the entire organization. Rank services in order of the time by which they must be resumed to minimize the impact to your business (recovery time objective). For example, processes that need to continue immediately to prevent serious mission impact, such as essential citizen services, could receive an “A” rating. Processes that can be continued within 24 hours could receive a “B” rating, and so on.
· Take steps to protect data. Organizations should back up data frequently to ensure that data integrity and applications are not jeopardized. Just as organizations should set a recovery time objective for mission-critical services, so should they rank the impact of lost data. The greater the impact, the more often organizations should back up their data. Organizations might even back up mission-critical data continuously. Multiple copies of data should be stored off site, at a remote location, a long distance from the primary data center.
· Review power and cooling systems. Organizations should add an uninterruptible power supply (UPS) to keep the most essential applications running. A UPS battery backup unit serves as a bridge to keep IT systems running until main power is restored, a secondary power source is deployed or the IT system can seamlessly be shut down. In addition, assess the projected growth of your organization and ensure that you have enough UPS devices to accommodate that growth – ensuring that all systems are protected in emergencies today and in the future. Cooling systems should also be supported by backup generators, as temperature spikes can cause unplanned interruptions when operations are most critical.
· Identify and appoint a cross-functional preparedness team. Create a team from different departments (e.g., applications development, servers and systems administration, network operations) to design and test the disaster recovery plan, as well as a recovery team, which will participate in recovery activities after any declared disaster. The recovery team should not be identical to the preparedness team, even within smaller organizations. In addition to IT management, members of the recovery team can include IT executives, outside service provider representatives and even community members.
· Document, test and update. The disaster preparedness plan should include logistical details, including travel to backup sites, and a list of people who have spending authority for emergency needs. The plan should clearly identify the role of each individual on the cross-functional preparedness and recovery teams and be tested in an environment that simulates an actual emergency. During testing, follow your written plan as closely as possible and ensure all designated individuals actually carry out the action items assigned to them. You will be able to spot problem areas that you would not identify by just reading the plan, and you can update the plan accordingly before a real disaster occurs. Because organizational structure and operations change frequently, it is important to review the plan frequently to ensure any gaps are bridged.
· Consider telecommunications alternatives. Following Hurricane Katrina, many organizations lost access to reliable telecommunications equipment for days. Alternative communications vehicles, including wireless phones and satellite phones, should be considered. Become familiar with your telephone service provider’s emergency power capabilities. Consider call forwarding and establishing an 800 number to improve accessibility during a disaster.
· Form tight relationships with vendors. Hardware, software, network and service vendors can help expedite recovery, as these contacts often can ensure priority replacement of telecommunications equipment, personal computers, servers and network hardware in the event of a disaster. Strong vendor relationships are especially important for small- and medium-size organizations, which may lack the resources that larger organizations can tap in an emergency.