Disaster-Resource.com
Business Continuity Strategy Design: How Far Apart Should Primary and Alternate Sites Be?

By Alberto Jimenez

In terms of business continuity, the most common discussion centers around the distance a primary site should be relative to an alternate location.  Some practitioners believe that the primary and alternate sites should be within 20-30 miles in order to minimize employee travel, decrease communications costs, and to ensure minimal recovery time for both business processes and information technology assets.  Others have taken the opposite viewpoint, arguing that regional disasters have caused widespread business interruptions that have affected an organization’s primary and alternate sites simultaneously.  Documented examples include the ice storms in Kansas City in 2001 and Quebec in 2000, as well as the terrorist attacks in New York.  Based solely on the experience in New York, the SEC, Federal Reserve and the OCC teamed to issue new regulations focused on 9/11 lessons learned – one of which was geographic separation.  Here is an excerpt from this white paper: 

    The systemic effects highlighted several important vulnerabilities that may not have been widely appreciated prior to September 11. First, it was clear that business continuity planning had not fully taken into account the potential for wide-area disasters and for major loss or inaccessibility of critical staff. Contingency planning at many institutions generally focused on problems with a single building or system. Some firms arranged for their backup facilities to be in nearby buildings on the assumption that, for example, a fire might incapacitate or destroy a single facility. Very few planned for an emergency disrupting an entire business district, city, or region. As a result, some firms lost access to both their primary and backup facilities in the aftermath of the September 11 events, severely disrupting their operations. Institutions also generally had not considered the possibility that transportation of personnel could be significantly disrupted and preclude the relocation of staff to alternate sites.

Based on this experience, the white paper initially mandated a geographic separation (greater than 170 miles) for critical components of the US financial system:

    In light of the September 11 experience, most now believe that the financial services industry must consider how to achieve greater geographic diversity of operations …  in order to withstand events of greater geographic scope than previously considered. Many now see the need to plan for extended periods of inaccessibility of more than one operating site within the same area. City-wide disruptions may be the minimum benchmark for planning purposes going forward, and the ability to withstand disruption of an entire metropolitan area or region is also being considered by some organizations.

However, the final version struck the distance mandate citing:

    The agencies do not believe it is necessary or appropriate to prescribe specific mileage requirements for geographically dispersed back-up sites. It is important for firms to retain flexibility in considering various approaches to establishing back-up arrangements that could be effective given a firm's particular risk profile. However, long-standing principles of business continuity planning suggest that back-up arrangements should be as far away from the primary site as necessary to avoid being subject to the same set of risks as the primary location. Back-up sites should not rely on the same infrastructure components (e.g., transportation, telecommunications, water supply, and electric power) used by the primary site. Moreover, the operation of such sites should not be impaired by a wide-scale evacuation at or the inaccessibility of staff that service the primary site. The effectiveness of back-up arrangements in recovering from a wide-scale disruption should be confirmed through testing.

Comparison of Advantages & Risks

For larger organizations that are wrestling with the idea of where to place alternate workspace or data centers, the following table breaks down the advantages of a nearby location compared to some of the continuity-related risks that this strategy may introduce.

Advantages*

Risks
  • Employees will incur minimal additional travel time following business interruptions; company travel costs will be minimal as well.
  • Employees will be better positioned to handle both family and work considerations following a disaster given minimal additional time away from home.
  • Normal, full-time employees can still work at a nearby location following the interruption.
  • Mass transportation may be affected in such a way as to prohibit employees from traveling to distant alternate sites (depends on geography and home location of employees), hence nearby recovery locations may be preferable.
  • Minimal communications costs associated with data replication due to minimal distance.
  • Some technology and communication assets will be unable to perform in a high availability manner beyond short distances.
  • Local business suppliers may have an easier time routing their shipments to a closer location rather than one further away.
  • Temporary employees may be required at a distant location (unless operations are already dispersed).
  • Naturally occurring threats (e.g., fires, floods, high winds, and ice) could affect all facilities in a given region.
  • Man-made threat scenarios could affect both primary and alternate facilities (e.g., terrorism, toxic chemical spills, etc.).
  • Quarantine or ‘no-go’ areas may affect both the primary and alternate facilities.
  • Mass transportation may be affected in such a way as to prohibit employees from traveling to local alternate sites (depends on geography and home location of employees).
  • Utility failure (i.e., electricity, natural gas, water and telecommunications) could affect both the primary and alternate facilities.
  • Mass illness or other health-related risks could affect a significant number of employees in a given region (bio-terrorism or naturally occurring illness).
  • Supply chain interruptions (to include vendors supplying recovery resources) caused by regional transportation issues could affect both locations.

Many of these advantages may be present for geographically dispersed recovery solutions if employees are dispersed to both locations.

Key Questions...
What are some of the questions that should be asked before making a decision regarding the location of the alternate site?  Here are some of the key discussion points:

  1. Does your organization already have a suitable location in a different region, potentially with a trained staff pool, that can temporarily sustain the business following an interruption?


  2. Consider where your client base is located (locally, regionally, nationally) and determine the criticality of the company's services during a local or regional event.


  3. Does the potential (local) alternate location employ adequate risk mitigation strategies to protect against the likely affects of a regional outage – redundant telecommunications paths, back-up power generators, fuel storage, alternate transportation paths, etc. - and how long can the company continue to operate in this manner? 

Conclusion
In today's business environment, some business leaders are electing to implement collocated recovery sites, whereas others are doing the exact opposite.  The most important consideration is to understand the risks involved through the execution of a comprehensive risk assessment, and electing to accept risks to which your organization may be vulnerable.  If management is unwilling to accept risks that have a regional flavor, a geographically dispersed recovery strategy may be the best solution (despite the potential cost savings).

About the Author
Alberto Jimenez is Senior Manager at Protiviti Inc., a global firm specializing in internal audit and business and technology risk consulting services. He can be reached at

Alberto.Jimenez@protiviti.com