The People Principles
Four weeks after the World Trade Center and Pentagon disasters, about 5,500 information technology executives from the Western Hemisphere braved long lines and toughened security to journey to Orlando, Fla., for the Gartner Symposium. This was a conference that manyif not mostthought would be canceled in the wake of the attacks and corporate tragedies of Sept. 11.
On the first night, Monday, Oct. 8, Gartner's top security experts held a "town meeting" to address any concerns or questions the nation's top technology executives might have about how to manage their businesses through the new crises they might face. Their warning: Any company with a global brand could expect at some time in the next decade to face the kind of business interruption that befell American Express, Cantor Fitzgerald, Merrill Lynch, the Defense Department and scores of other technologically dependent businesses in September.
Fewer than 150 attendees showed up.
If you think it's too early to start thinking about how your organization will deal with sudden massive disconnects in how your systems operateor that the likelihood of a similar event befalling you is too remotethink again.
Disaster is no longer an abstraction. It's now a part of the basic equation of how you do business.
Sure, almost every information technology organization of any size has a disaster recovery plan. But 75% of them, according to Gartner, only deal with how to restore hardware, software and networks.
Less than 25% of companies deal in any fashion with restoring the resource that matters most.
And, if anything was learned in the seven weeks that have now passed, it's that planning is no longer just a technical exercise, dealing with the math of bits, bytes and circuits. The biggest challenge is: How do you back up your people?
"It's absolutely the salient difference'' that results from thinking about how to counter man-made disasters, says Jon Scarpelli, vice president and national practice leader for the outsourcing business of Ciber, an Englewood, Colo., hosting and technology consulting firm.
That may sound a bit self-serving. But try telling that to Cantor Fitzgerald, which lost hundreds of traders and executives as well as a 10,000-square-foot data center in Manhattanand got its eSpeed bond-brokering system back up in 47 hours. Or to the disaster recovery specialists, such as SunGard and Comdisco, that held the keys to many trade center tenants' future in their hands.
"There are a lot of businesses that are probably patting themselves on the back right now," says Dave Palermo, vice president at recovery specialist SunGard. "And then there are a lot of businesses that are probably going to go under. I've gotten calls from companies (without recovery plans) that have asked, 'Can you help me?' But that's like running a car into a tree and then calling the insurance company.''
The essence, though, is this: This is not the time for any pats on the back. "Some of these folks who didn't have disaster recovery plans," St. Paul Re Chief Information Officer Andrew Cole says, "they should be fired."
It's now time to think ahead about how you are going to protect the interests of your company if its systems are threatened or destroyed.
And there's no one to run them.
On the following four pages, you'll find not just descriptions of how other companies have dealt with the impact of disaster on their people, but prescriptions for how to minimize the impact on you and how your teams must operate, in the event that disasterssmall or largebefall your organization.
Sooner or later, this planning will need to be done. The practical truth is: The sooner, the better.