Disaster Recovery - Mediaplanet (doc.mediaplanet.com/all_projects/6566.pdf)

“Business Continuity and Emergency Management information WHEN YOU NEED IT!”

Disaster Recovery Information Exchange
For information visit www.drie.org

DRIE is a proud partner of Business Continuity Awareness Week: March 21 – 25, 2011, www.bcaw.info

DRIE Chapters in: Western Canada, Winnipeg, Southwestern Ontario, Toronto, Ottawa, Montreal, Atlantic Canada, Caribbean, Australia

AN INDEPENDENT REPORT FROM MEDIAPLANET TO THE NATIONAL POST

DISASTER RECOVERY

No. 1 / February 2011

RISING FROM THE BLACKOUT
How Des O’Callaghan saved his company—and billions of dollars—in the power outage of 2003 with business continuity planning.

Des O’Callaghan, Former Manager, Business Continuity Planning

3 TIPS: HOW TO AVOID BUSINESS INTERRUPTIONS

Risk evaluation: Threats you may not think about
Be prepared: Ready your business for the worst
Get certified: Do you want to be a business continuity planner?
Cloud computing: Get your business off the ground
Panel of experts: What are the most crucial elements of planning?


CHALLENGES

How long would your business last?

What is your company’s worst case scenario? Could you recover from it? Do you have a plan in place, just in case? It is proven that companies that don’t plan do not survive disaster.

The vast majority of large corporations in Canada have Business Continuity Plans (BCP) or Disaster Recovery Plans (DRP) in place.

But only approximately 10 percent of small and medium sized businesses have any plans at all: even informal ones. That’s so unfortunate given that the risk to small business is no less devastating than it is to large corporations.

Executives and owners of smaller businesses tend to be far less likely to recognize that a BCP or DRP can significantly reduce loss of assets and potentially ensure their organizations’ very survival in the face of a disaster. It’s all a matter of gaining a better understanding about BCP and DRP.

Even the terms themselves are misunderstood and often, incorrectly, used interchangeably. True, the two seem to be related because both are designed to protect businesses from unexpected or unforeseen disasters. However, there is a significant difference between these two planning concepts.

Prevention and recovery are both needed in planning

BCP takes a holistic approach to continued delivery of services to customers and clients. It attempts to ensure that corporate personnel, product delivery processes, facilities and business systems are in place and tested so that services can continue with minimal, or no, interruption. A DRP, on the other hand, focuses only on recovery and restoration of assets such as buildings, computer systems, and corporate data. As Ivan Kusal, director of corporate business continuity at TELUS, explains, “DRP refers to the recovery of systems and applications, where BCP refers to a broader sense of a business, its major processes and functions, including systems and applications.”

Seek out knowledge

One of the simplest and most cost effective ways for small and medium size businesses to protect themselves is to investigate the BCP planning methods and services available to them. There is an unlimited array of tools, templates and training courses available online, from federal and provincial websites, not-for-profit BCP training organizations and community colleges. Often the information is available free of charge or at very reasonable rates. By taking advantage of these sources, business owners and executives would, in very short order, be able to determine what is involved in identifying and protecting the critical pieces of their businesses and the best way to ensure the continuation of normal operations—before disaster strikes.

Being proactive pays off

There is no good reason for inaction. We’ve all seen the pictures of the G20 in Toronto where thugs smashed large plate glass windows and threw store contents onto the street. Who pays for the windows and content? It’s usually not the insurance company. It’s the small business owner who pays. If those business owners had BCP plans in place before the G20, their stores would likely have had the fronts covered with plywood and the owners would also have had plans in place to ride out the store closures. If they had to do it over again, you can bet they all would have had business continuity plans in place.

Will your business choose to be resilient enough to survive the next crisis event?

Grant Whittaker, Executive Director, DRI Canada

FACTS

1. A failure to plan
Fifty five percent of small businesses rated themselves as “fair” or “poor” in terms of having a documented disaster recovery plan, or do not have one at all.

2. Absorbing the loss
Thirty one percent of PC users have lost all of their files due to events beyond their control.

3. Test the archives
Thirty four percent of companies fail to test their tape backups, and of those that do, 77 percent have found tape backup failures.

WE RECOMMEND

Education and certification: Do you have what it takes to be a business continuity planner?
“Certification by a recognized education and training body demonstrates that a person has that knowledge.”

Keeping your cool: How Des O’Callaghan avoided the worst in a meltdown scenario.

Cloud computing: How it can further minimize your company’s risk.

DISASTER RECOVERY, 1ST EDITION, FEBRUARY 2011

Managing Director: Gustav [email protected] Manager: Jackie [email protected] Developer: David [email protected] Developer: Chris [email protected]

Responsible for this issue: Publisher: Pat [email protected]: Penelope [email protected]: Stephen Anderson, Alex Arvanitidis, Susan Bantin, Wayne Eckerson, Adrian Gordon, Gerald Marshall, Diana McLaren, Kevin Richards, John Theofilaktidis, Grant Whittaker

Distributed within: National Post, February 2011. This section was created by Mediaplanet and did not involve the National Post or its Editorial Departments.

Business continuity planning can be very intimidating to those not familiar with the concept or the process (and even to many who are).

But fundamentally it is all about being resilient to events or situations that can suddenly, or over time, disrupt the essential functions of your organization. In essence what we are considering are three core issues:

■ Understanding the objectives of an organization, whether that be a government or NGO, business or non-profit, public or private, large or small;

■ Understanding the risks that can prevent an organization from achieving its objectives;

■ Deciding what can be done to prevent or mitigate the risks and planning to ensure essential organizational functions will continue in the event of a disruption.

Prepare everyone involved

Everyone in an organization (not just the executive) needs to understand what the fundamental objectives are. This may seem an obvious statement but sometimes there is real disconnect between the executive and others in the organization.

The focus of this article is the second issue, understanding the risks that can disrupt one or more key functions.

All too frequently, the need for business continuity planning is expressed in terms of major events and disasters such as pandemics, earthquakes, floods, wildfires, hurricanes and tornados, winter storms or summer heat waves. It is certainly true that the past decade has seen a significant rise in the frequency and severity of natural disasters, especially those related to climate change. However, while these events should not be ignored, greater attention should be given to more common disruptions and their impact.

Assess all types of risk

First, develop a profile of your organization that covers both external and internal factors. External risks include those specific to your location such as extreme weather and other natural hazards (your local community emergency management coordinator may well have completed a risk assessment for your community) as well as the proximity to hazardous businesses both big and small, major road and rail networks, and the construction of your facility. Internal risks relate to the organization and include the nature of the organization, dependence on communications and technology (or lack of), people (job risks and potential for serious human error) etc. Some of the risks that are often underestimated are:

■ Supply chain disruptions due to failure to ensure that key suppliers have business continuity plans and/or no alternative suppliers identified; and

■ Single points of failure—these can be key personnel, systems or equipment where there are no backups.

The next step is to assess the likelihood and impact of the risks, which will lead to development of strategies to prevent or mitigate the risks and development of a plan to ensure continuity of essential services in the event of a disruption.

Understanding the need for risk assessment

The perceived biggest threats to your business

■ Natural Disaster/Floods—21 percent

■ Fire—15 percent

■ IT Failure—12 percent

■ Power Failure/Power Loss—six percent

■ Viruses/Hacking—six percent

■ Other—40 percent

“Everyone in an organization (not just the executive) needs to understand what the fundamental objectives are.”
Adrian Gordon, Senior Advisor, Canadian Center for Emergency Preparedness

DID YOU KNOW?

Mediaplanet’s business is to create new customers for our advertisers by providing readers with high-quality editorial content that motivates them to act.

TIP 1: PUT TIME INTO YOUR BACKUP PLAN



NEWS

The world has had its share of disasters and threats, ranging from the earthquake in Haiti, flooding in Australia and power outages in Toronto, to flooding in New Brunswick, hurricanes and the threat of pandemics.

This past summer Toronto hosted the G20 Summit and we learned that protests can greatly disrupt the community and lives!

How do business and government leaders prepare to respond, manage and make critical decisions during times of turmoil and restore things to normal? Well, the first rule of any good business continuity or emergency response plan is to “keep calm and carry on”. The second rule is “be prepared”. So how do organizations then prepare for disasters or threats which can be unpredictable and unforeseen?

Business Continuity and Emergency Response professionals have been developing principles and guidelines to help organizations for many years.

Business Continuity Awareness Week (BCAW)—March 21 – 25, 2011—gives you an opportunity to interact with these professionals and learn how business continuity can prepare your organization for an emergency.

Teaming up to lead

BCAWs have been organized internationally since 2005 to raise awareness and enhance the ability of all organizations to practice Business Continuity Management (BCM) and emergency response. This year, five major partners in the Business Continuity and Emergency Management field have teamed up to lead BCAW in Canada: the Disaster Recovery Information Exchange and its affiliated chapters across Canada, as well as in Australia and Trinidad and Tobago, the Canadian Centre for Emergency Preparedness, the Business Continuity Institute Canada, the Canadian Red Cross and the Disaster Recovery Institute Canada.

We encourage all public and private sector organizations and individuals to participate in BCAW 2011 to increase the awareness of Business Continuity Management and its importance to our communities.

Utilize the resource

BCAW is ideal for Canadian business executives, managers, government officials and small-to-large business owners. On our website you will find information about business continuity and emergency response planning processes, a schedule of webinars, featured articles and blogs and links to join discussion groups, post questions and comments,

For more information on Business Continuity Awareness Week, or to participate, go to: www.bcaw.info.

“The first rule of any good business continuity or emergency response plan is to ‘keep calm and carry on.’”
Wayne Eckerson, Director of Research, TechTarget

Learn to keep calm and carry on at the BCAW conference

Picture yourself: It’s a sunny Monday morning.

You sit down at your desk when you get the phone call, “We’ve been hacked. Half of our critical databases have been compromised and we’re not sure what systems we can trust at this point. The key applications—order management, accounting, and manufacturing—are all running, but we can’t tell what data is real versus what has been changed. Should we declare a disaster and activate our business continuity plan?” That can’t be right, you think. It’s a cyber incident, why would we need to activate the BCP plan? Then it hits you: unreliable data causes manufacturing to not know what to produce, order management to not know what to ship, accounting to not know what to invoice. Each department is struck—dead in the water—until those key databases become available. It may be time to activate that plan.

A cyber threat is a business continuity threat

For most organizations, the primary emphasis is on data availability and redundancy, items aligned with and addressed by an organization’s IT disaster recovery plan. Unfortunately, far fewer organizations are prepared for a breach of integrity of their data infrastructure. The 2010 Data Breach Investigations Report conducted by the Verizon RISK Team in cooperation with the United States Secret Service summarized breach investigation details spanning the last six years, over 900 breaches with millions of compromised records. While more heavily weighted in the financial services arena, the breaches span all major industries and company sizes. Half of the attacks compromised the company’s applications and servers.

Once the breach has been managed, what part of the infrastructure can be trusted? How far back in your backups do you need to go to get to reliable data? The unfortunate truth is that you just don’t know; breach activities can go on for weeks or months before they are detected. In many cases, companies “wipe” the server, go back to a base operating system, and build the environment from scratch, which could be literally hundreds of servers and applications, and take weeks or months.

The costs to remediate are significant. To get the platform up and running again, companies typically spend several hundred thousand dollars while lost revenue can cost them upwards of tens of millions due to disruption in operations and inability to execute on their business model.

Ask critical questions

Does my company’s continuity plan have a strategy for resuming critical business functions without the availability of critical application sets? How long can operations continue with production estimates, manual processes, and reduced capacity? Does our plan have a structure for reproducing critical operational data to support key functions outside of the critical applications? These are critical questions to ask when evaluating your IT security and business continuity plans to ensure your business.

Kevin Richards, Vice President, Risk & Security Services, Neohapsis

Cyber threats pose tangible issues


■ Question: What are the key elements of Business Continuity Planning?

■ Answer: Obtaining senior management sponsorship and funding for the development of an enterprise-wide Business Continuity Management program, and following a structured approach to implement the program using industry best practices.

The concept of Business Continuity Planning (BCP) has grown from its early days 30 years ago when companies first realized the need for computer data backups.

Today BC professionals characterize planning as sophisticated, holistic, and proactive.

It’s not just about keeping the IT systems up and running (typically referred to as Disaster Recovery). All the operations and people that keep business humming are part of a BC Plan.

John Theofilaktidis is a senior-level BCP manager for a large Canadian corporation and a Director of the Toronto Disaster Recovery Information Exchange. He’s been on the front lines of this evolution from technology-focused preparedness to what is now thought of as building resiliency so that businesses large and small can continue operations in a crisis or emergency.

“In today’s fast-paced financial markets, the cost to institutions of not having access to their computer systems can be measured in the millions of dollars per hour. With the increase in service-based industries there is now the need for robust strategic plans so organizations can continue providing services to clients regardless if the threat is from natural or man-made events, or highly contagious communicable diseases.”

Globalization is another driving force in BCP with a company’s supply chain reaching across borders. Situations such as political unrest or climate disasters occurring far away will impact business here in Canada, making vendor plans a greater issue for companies.

Planning stages

Theofilaktidis outlines the key planning components as follows:

■ An analysis of your environment taking into account where and what the potential risks are (i.e., is your business close to a railway line, near propane tanks or dependent on foreign suppliers);

■ Identification of your recovery requirements (called a business impact analysis). This involves interviewing people from leadership down to those on the front lines to determine what they do and what they would need in an emergency interruption of operations;

■ Development of a strategy based on the first two steps.

Once this phase is complete, you move into development and implementation and documentation of the actual plan.

Next comes testing of the plan to validate whether or not it works. This isn’t a one-time activity, Theofilaktidis stresses. It’s part of what is called the “continuing life cycle” of business contingency planning.

“It’s not enough to just write a plan,” says Theofilaktidis, “you need to test it with regularity much like the fire department conducts drills.”

There are two types of tests, he says:

■ Active tests where you actually do a field exercise;

■ Passive or what are called “table-top” tests where you conduct spot-checks with people based on the plan’s documentation.

The purpose of testing is to determine if the plan is still valid. Where changes in business operations have occurred, as they inevitably will from time to time, the plan itself must be changed.

Plan a living document

A business continuity or disaster recovery plan is a living document that needs to be as dynamic as the business itself.

“In the last decade BCP has become a proactive process,” says Theofilaktidis. “Companies with robust Business Continuity and Disaster Recovery Plans ensure the continuing viability of a company.”

In a large organization specific areas of responsibility will be spread across departments, while in a smaller business it may fall under the IT umbrella.

Whatever the size or nature of a business, BCP must become part of the corporate culture of an organization.

Back up your business to ensure survival

Diana McLaren

John Theofilaktidis, Senior BCP Manager and Director, Toronto Disaster Recovery Information Exchange

“It’s not just about keeping the IT system up and running. All the operations and people... are part of a BC plan.”

TIP 2: ANALYZE YOUR ENVIRONMENT


1. Disaster breeds disaster
Ninety three percent of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. Fifty percent of businesses that found themselves without data management for this same time period filed for bankruptcy immediately.

2. Time is of the essence
Companies that aren’t able to resume operations within 10 days (of a disaster hit) are not likely to survive.

3. Planning is lacking
Thirty percent of small businesses admit they have no formal and storage procedures, or do not implement their procedures consistently.

4. Ensure the archive holds up
Thirty four percent of companies fail to test their tape backups, and of those that do, 77 percent have found tape backup failures.


Professional certification in Business Continuity Planning (BCP) is gaining traction with Canadian employers and academic institutions.

Today, the Disaster Recovery Institute Canada has 1,450 members who hold one of its seven levels of certification. Executive director Grant Whittaker says that enrolment was steady from DRIC’s beginning in 1996. “But when 9/11 happened, that was a big turning point in people’s understanding of what could constitute a disaster.”

Along with more sophisticated understanding came more need for BC professionals with the training and experience to plan and execute plans for crisis that might affect businesses over protracted, often unknown, periods of time. This was the case in episodes such as the SARS epidemic and Hurricane Katrina.

“Certification by a recognized education and training body demonstrates that a person has that knowledge,” Whittaker says.

Interest from employers

While there are no hard statistics for certification requirements, Whittaker estimates that from his experience, “I’ve seen 20 percent of jobs (in Canada) require a level of certification, another 30 percent list it as a desirable qualification and the remaining half of employers find it beneficial but don’t specify BCP certification as a requirement.”

DRIC is part of Disaster Recovery Institute International based in the U.S. They offer almost a dozen courses and four levels of professional certification. The latter range from Associate (exam but no experience requirement) through to Master level designation (exam, written submission, references and minimum five years experience in seven of DRI’s 10 Professional Practices).

International focus

The Business Continuity Institute has an international profile. Started in the U.K. in 1994, BCI currently has 190 Canadian members, according to vice president Alex Arvanitidis.

“BCI’s Certification Standards have been accepted internationally, and both the training and certification exam are based on what we call Good Practice Guidelines,” says Arvanitidis. He foresees a formal accreditation process based on International Standards down the road for BCP professionals.

BCI currently offers four membership levels as well as a number of courses that are changed and adapted. According to Arvanitidis, “there’s a focus on ‘the global supply chain’. As some organizations have become quite resilient within their ‘four walls’, they have now begun to recognize their greatest weakness may be their network of suppliers.”

Experts in planning are needed more than ever

Grant Whittaker, Executive Director, Disaster Recovery Institute Canada

■ Question: How can you benefit from certification as a Business Continuity Planner?

■ Answer: Governments and corporations are increasingly aware of the need for educated professionals, and certification demonstrates your expertise.

Diana McLaren


Alex Arvanitidis, Vice President, Business Continuity Institute

Outages are expensive, costing SMBs $12,500 a day.

Their customers suffer financially, with SMB outages costing them $10,000 a day.

Fifty four percent of their customers have switched SMB vendors due to unreliable computing systems.

Twenty nine percent of customers lost “some” or “a lot of” data as a result of disaster impacting their SMB vendors.

The domino effect of data loss: Are SMBs prepared for a disaster?

Courtesy of Global Data Vaulting

DID YOU KNOW? The odds of disaster recovery

Courtesy of Symantec

Source: 2011 Symantec SMB Disaster Preparedness Survey


PANEL OF EXPERTS

Question 1: Disaster recovery and business continuity plans come in all shapes and sizes. What is the most crucial aspect of a DR/BC plan and why?

Question 2: Technology and innovation has really elevated disaster recovery and business continuity planning; what industry innovation has had the biggest impact on DR/BC planning?

Question 3: Why do you believe many businesses should have a proper disaster recovery or business continuity plan or any plan at all?

Jean Slick, Program Head, Disaster and Emergency Management Program, Royal Roads University

Peter Martin, President, AFI International Group Inc.

Daniel Lavoie, Associate Assistant Deputy Minister, Emergency Management and National Security, Public Safety

The advent of technology-based solutions has made it possible for organizations to create highly-detailed back-ups of their information and systems in the event of failure. These systems can improve an organization’s ability to recover from disasters.

Technological innovations can be in the form of advancements of a product, with better performance. Or they can truly be innovations, doing something differently. In this regard, cloud computing, and other such shifts in technology, increases our interdependencies. These interdependencies cannot be addressed in any one business continuity plan, and require us to think about the collective nature of activity, whatever that may be, and to reconsider what disaster recovery and business continuity planning may mean in these changing operational contexts.

Planning software has made the overall development of a plan less cumbersome. Although development of software eases the process, it is important that the correct platform is chosen—one size does not fit all and it still requires an individual to drive the process.

It is important that organizations recognize that some services are critical and must be delivered without interruption. Having a business continuity plan in place will enable critical services or products to be continually delivered to clients or citizens. Every organization is at risk from potential and wide-ranging disasters. All Canadians and businesses have the responsibility to prepare for possible disruptions and having a BCP will help to ensure that organizations have the resources and information needed to deal with these emergencies and continue to serve the public.

We consider the future in light of our past experiences, and our past exposure to hazards and their impacts varies. Planning for future hazard scenarios requires us to grapple with uncertainty and probability, and to anticipate. The degree to which a business is aware of hazards and risk, and changing hazard and risk contexts, will influence their engagement in preparedness planning.

As a profession, disaster and emergency management is changing, and has much to contribute to engagement of businesses in preparedness planning.

Many individuals tasked with this type of responsibility have another primary function within the organization. The task of business continuity planning often takes a back seat due to other day-to-day responsibilities as well as the inherent notion that “it will never happen to our company.” Many businesses do not see the full scope or impact that an incident can have on the organization and how it can affect every facet of the business.

The most crucial aspect of a BCP in the government context is the delivery of critical services that Canadians rely upon and the continued operation of the Government of Canada. The Emergency Management Act stipulates that Public Safety Canada is responsible for reviewing departmental emergency management plans, which includes departmental business continuity plans. These plans are needed so that federal organizations can continue operating during an emergency. Under this act, Public Safety Canada is responsible for ensuring that business continuity plans meet the overall needs of the federal government. It had provided a self-assessment tool for departments to review their own business continuity plans.

We often focus on plans as products, and while a disaster recovery and business continuity plan is an essential component of a broader risk management plan, we need to remember that planning is equally a process, specifically a process of engagement of key internal and potentially external stakeholders. Stakeholder engagement is what creates a shift in mindset, from one which minimizes risk, to one that recognizes and attends to risk. It is the process of disaster recovery and business continuity planning that cultivates a culture of risk reduction, and resiliency. A resilient organization is the outcome we are seeking. Shifting from a focus on the paper plan, to the process of planning itself, and renewal of that planning, should be a central focus of any DR/BC planning activity.

The most crucial aspect of a plan—whether it’s for a labour dispute or a natural disaster—is not one specific part of the plan itself, but the assignment of a single point of accountability. That individual requires full authority and buy-in to drive the process from the top executives down, which will allow a comprehensive plan to be developed. Once a plan is completed it must be tested—either through a table top exercise or an actual drill.



Panel of experts

LIGHTS OUT: Toronto was one of many cities along the Eastern Seaboard affected by the 2003 blackout.

The owner perspective:

When I first heard that a fire had started in the warehouse of the building I leased, needless to say I was in complete shock. Many things went through my head, such as this was the business I had created with my own hands—a business that served as a livelihood for my employees and served the local landscape community for 20 years. I was devastated by the chain of events that resulted in the loss of my building and all the contents inside, but was fortunate enough to have taken the precautionary steps in making sure my business was covered for such an emergency, such as insurance and data backup. As a business owner, you’re trying to protect more than just yourself but also the people that help make your business successful, the people you work alongside, every day.

Employee:

You never really realize the long-term difficulties of a disaster until it happens to you. In the short term, you know that you lose things like buildings, inventory, equipment and files; but you always figure those items are covered by insurance and can be replaced. When the fire took place, I was first introduced to loss of business insurance, a service I thought would help the business get back on its feet until the smoke had settled. However, until you experience it first hand, you don’t realize the short time frame you can allow your business to be down. Customers need products and competitors see new prospects. You cannot blame anyone for what happens and customer service becomes top priority to make sure clients find temporary resources during your downtime. When you see your place of employment on fire, you realize it is one bad day in a string of tough times to come.

Customer:

When you first hear the news, you feel terrible for a colleague and your thoughts go out to them and their employees. It definitely makes you thankful that nothing has happened to your business and take it as a learning experience on what you need to do to make sure you’re protected. It does take a while for you to realize how this affects you, and it happens when you hop in your truck to pick up materials for a job you’re working on, then remember you need to find a new supplier. It does become a struggle of morals and relationships; some suppliers helping their fallen competitor while others are offering ‘you’ a new opportunity to buy similar products for better prices in hopes to attain your business on a long-term basis. You definitely have several things to weigh, what’s good for your business, who’s been there for you in the past and what future relationships can bring you.


TIP 3: BACKUP GENERATORS ARE WORTH THE INVESTMENT

Cloud computing minimizes risk

Keeping your cool in meltdown mode

Des O’Callaghan can be considered one of Canada’s Disaster Recovery pioneers.

He was at the right place at the right time, working for a major Canadian bank when business continuity planning first emerged.

“I pretty much fell into my first position in disaster recovery,” he recalls with humility.

Fourteen years later, when he found himself as business continuity manager for a major company providing critical services in the financial sector, O’Callaghan’s knowledge and experience were put to the test. He was part of the command centre response to keep operations going during what’s called the Great Power Outage of 2003.

Just after 4 p.m. on August 14 of that year, the power grid was lost, affecting 50 million people and plunging Ontario and the Northeastern U.S. into darkness.

Like others across downtown Toronto where O’Callaghan’s office was located, the scope of the blackout wasn’t known initially.

“At first we thought it was just a minor power outage in our area. Then we realized that 80 percent of the building was dark. Lights were out, computer screens were blank (unless battery-operated laptops) and air conditioning was off.”

The only exceptions were two critical floors that were powered by diesel generators, part of the company’s emergency response plan.

The stakes were high

The company was the hub for national securities depository, clearing and settlement. On a typical day such as Aug. 14, 2003, that represented an aggregate value of approximately $250 billion. “It was highly critical that these transactions were processed on a daily basis. So this blackout was huge,” O’Callaghan says.

O’Callaghan says the timing of the power outage was fortunate since the major markets had just closed at 4 p.m. (the blackout occurred 11 minutes past four).

His first order of business: pull the senior management team together in the conference room that became the locus of emergency decision-making operations.

Immediately O’Callaghan set to work finding out what had happened, getting the big picture. Next he turned to fact-finding: was the suburban data centre (operating also on emergency diesel generator power) OK? What was happening with the key players such as the major banks, government, and so on? How long was this outage estimated to last and how much diesel fuel did his company have?

O’Callaghan kept connected, checking news reports, talking to colleagues and the management team, and networking with external institutions.

One memory he says he’ll never forget: “When it all started I was the only one to pull out a pen and start writing everything down.” That, he adds, is one of the “cardinal rules to keep a record of everything.”

Often O’Callaghan’s role was in the background—listening, gathering information, liaising with external players and making sure everything went according to plan.

At the time he’d only been at the company for four months. With trademark modesty, he says simply “I did what I had always prepared to do.”

“One of the cardinal rules is to keep a record of everything.”

Des O’Callaghan, Former Manager, Business Continuity Planning

Diana McLaren

■ Question: How did Des O’Callaghan help his business avoid a billion-dollar loss during the Great Blackout of 2003?

■ Answer: By using his expertise as a disaster recovery professional, he helped his company keep its cool.

PROFILE

Des O’Callaghan

Born: October 16, 1949.

Occupation: Retired Manager, Business Continuity Planning.

Education: Attended McGill University; Fellow of the Business Continuity Institute.

Accomplishments: Lead instructor in BCP at George Brown College; Director of Communications for Disaster Recovery Information Exchange; 2009 Canadian Award for Business Continuity from Canadian Centre for Emergency Preparedness.

HOW I MADE IT

On the topic of “cloud computing”, opinions vary widely from advocating the benefits of the “Cloud”, to putting up warning flags, to an increasing number that state the Cloud represents the new disruptive technologies that will turn the IT industry upside down.

A common theme is that companies of all sizes should embrace cloud computing, but cautiously and with a well-planned strategy. Security, reliability and legal concerns are most often cited as reasons behind adopting a cautious approach.

Prepare for disaster

Some Cloud Service Providers seeking to build out more innovative customer solutions are meeting these concerns head-on by affording businesses—particularly Small and Medium sized Enterprises (SMEs)—the opportunity to utilize the Cloud in a low-risk, high-value manner through provisioning of Cloud-enabled, high availability, business continuity solutions, or “Recovery as a Service”. The key is that a business continuity solution, or more commonly called “Server Replication to the Cloud”, does substantially more for your IT infrastructure and capability than just protect it from failure. It provides the infrastructure for a complete Business Continuity/Disaster Recovery solution, all leveraged through a third party redundant replication process in the Cloud.

In fact, Server Replication to the Cloud offers the ability to test systems in the Cloud without any immediate impact on existing production systems; a revolutionary way of conducting business.

Make it a priority

The message these Cloud Providers are sending to the IT community is a simple one: by deploying Recovery as a Service technologies, you can maintain your production environments in-house, while continuously testing performance levels when operating from the Cloud. This zero risk, extremely low cost option is something that was only recently made available in such a flexible and cost effective manner. Essentially, the Cloud represents a low-risk, high-value Recovery as a Service enabled solution that scales to meet your business needs.

Joshua Geist, Founder and CEO, Geminare

Gerald Marshall, President, Martek Supply Landscape and Construction Products

Disaster affects all associated with your business
