[an error occurred while processing this directive]

Continuity of Operations in the 21st Century

By Doug Henderson

A New Environment: The 21st century has brought businesses new threats, an increased demand for continuity of operations and a reliance on new technologies. Effective planning must address all of these constantly evolving factors. The three distinct but interdependent planning areas are often referred to as follows:

  • Emergency (or Incident) Response (or Crisis Management) Planning
  • Continuity of Operations Plan (COOP)
  • Information Technology (or Disaster Recovery) Planning

Emergency Response
September 11, 2001 ushered in a new era for Emergency Response. There is now a paramount need for schools, government entities, and individuals to be prepared to execute an "Emergency Lockdown" (or "Shelter in Place"). Terrorist Attack situations constitute life-threatening events and conducting a Facility Evacuation or failing to respond properly could be a fatal mistake. Note that Emergency Lockdown procedures are also appropriate for other situations such as external hazardous releases and, with some modification, tornado and hostile intruder emergencies.

Most adult members of the population know how to conduce a Facility Evacuation as these procedures have been regularly practiced in the school system and are at least occasionally practiced in the workplace environment. Emergency Lockdowns are just now being practiced on a sporadic basis. Most individuals will not be familiar the subtle but important differences in response procedures among the various threats. Employers need to develop Emergency Lockdown plans, communicate those plans to everyone and, most importantly, practice the plan. Practicing Emergency Lockdown procedures is as important as practicing Facility Evacuations.

Continuity of Operations Plan (COOP)
Organizations are currently under increasing pressure to maintain service capabilities. This requires organi-zations to assess critical functions and to provide for the maintenance or rapid restoration of those critical services at some established minimum level. A Risk and Impact Analysis (RIA) report will investigate and document these matters. The RIA will also identify risks & exposures and develop solutions to respond to the potential disasters on a strategic basis. Most importantly the RIA will examine the need for planning in the Emergency Response and Technology areas.

The Continuity of Operations Plan will develop the details of the organization's execution of a plan to respond to a disaster situation. As with Emergency Response Plans, a Continuity of Operations Plan needs to be documented, maintained and exercised. Exercises will concentrate on the action steps of managers who are responsible for the Continuity of Operations Plan execution and not necessarily involve the entire organization. Ongoing maintenance issues need to reflect any changes in personnel, changes to operations, changes to the overall environment and the emergence of new technologies.

Technology Planning
Over the last several years, systems and telecommunication technology services have emerged as critical support services for most organizations. The RIA will also conduct a review of the current level of technology planning and include a review of existing controls, vital records procedures and data center recovery planning. In addition the appropriate types of alternate sites (hot site, cold site, etc.) need to be analyzed. Based upon the established recovery objectives and costs of the various disaster responses, management should be in a position to select the most appropriate approach.

Technology planning needs should be addressed in all of the following planning areas:

  • Alternate Site Plan(s) - a plan to recover technology services at another location
  • Data Center Recovery - a plan to restore the data center at its current location
  • Vital Records Management - a plan to secure and retrieve information
  • Information Security - a plan to secure information from internal and external threats

Disaster Management, Inc.
1531 SE Sunshine Avenue
Port St. Lucie, Florida 34952
Phone: (772) 335-9750
Fax: (772) 335-9739

[an error occurred while processing this directive]