SECTION VI BUSINESS CONTINUITY MANAGER’S TOOL KIT
Chapter 30 A Proactive Approach to Improving the IS Business
A Proactive Approach
to Improving
the IS Business Continuity Plan
Belden Menkus
DIFFERENT ORGANIZATIONS USE DIFFERENT NAMES TO IDENTIFYTHEIR PLAN OF ACTION TO RECOVER FROM INTERRUPTIONS TO BUSINESS OPERATIONS DUE TO NATURAL OR MANMADEDISASTERS. For simplicity, this chapter uses the term business continuity plan. Whatever name is selected, the organization’s executives expect the IS business continuity plan’s provisions to enable employees to restore expeditiously and in order of priority the organization’s computing capabilities that have been dis- rupted by the occurrence of some type of disaster event. Yet, when actual disasters have occurred, organizations have found that reaching this desired goal was hindered because some of the issues that should have been addressed in the design stage of the business continuity plan were not.
Often these issues come to light only after disaster strikes an organiza- tion. In the recovery process, those employees responsible for realizing the recovery may find that much damage could have been avoided or diminished if certain steps had been taken before the disaster occurred.
Some of those steps are the focus of this discussion.
ISSUES AND RECOMMENDATIONS
This chapter emphasizes a proactive approach by examining some of the issues that often are overlooked in the design of business continuity plans. The recommendations in this chapter can be incorporated into an
0-8493-0907-7/00/$0.00+$.50
AU0907/frame/ch30 Page 317 Monday, July 31, 2000 5:00 PM
BUSINESS CONTINUITY MANAGER’S TOOL KIT
organization’s already existing IS business continuity plan. Also, these rec- ommendations can guide the revision of an existing audit work program for assessing the IS business continuity plan. These recommendations are dis- cussed in no order of priority. They are all important.
Local Fire Fighter Capability
Ensure that the local fire fighting unit is prepared to extinguish a blaze that involves electronic hardware. In particular, fire fighters should be equipped and trained to deal with the combustion of the complex plastic residues and the various toxic substances that the device components and the insu- lation that is used to coat the telecommunication and computing connec- tion cables may release. (The members of most fire fighting units deal pri- marily with fairly straightforward blazes that occur in residences. Rarely do they encounter complicated fire extinguishing situations. This is true especially in suburban and rural localities, where the fire fighters may be volunteers with essentially limited training.)
Try to arrange for an annual familiarization visit by the members of the fire fighting unit that is most likely to respond to the organization’s site.
These individuals should be made aware, at least, of the placement of the major computing and telecommunication hardware units and their wiring ducts. And, training in the proper techniques for handling a fire involving toxic substances should be provided by the faculty of the nearest fire acad- emy or similar entity.
Printed Forms
Provide for prompt replenishment of essential stocks of printed forms.
(Even where laser printers are being used to produce such forms, it may be impossible to restore that capability during the immediate post disaster recovery period.) Identify which vendor has the negatives for each form which must be available during the recovery period. Consider: including a duplicate set of these negatives with the records that are maintained in secure off-site storage for use in the business continuity process. (Where electronic forms are being employed by an organization ensure that a cur- rent copy of the software that is used in their generation is maintained at the secure off-site storage location.)
Time Delay
Allow for a delay of at least 12 to 48 hours in beginning to restore opera- tions after a fire is extinguished. This time will be required for the fire mar- shal’s legally required investigation of the site of a blaze to identify its prob- able cause and to determine the possibility of arson being involved in the incident. In some localities, as well, the local building inspector or health department may be required to certify that the site remains suitable for
AU0907/frame/ch30 Page 318 Monday, July 31, 2000 5:00 PM
A Proactive Approach to Improving the IS Business Continuity Plan
human occupancy. During this period, employee and vendor representa- tive access to the site and the removal or salvage of equipment, supplies and records will be restricted, at best. In some instances, such access may prove to be impossible for several days.
Funds Collection and Disbursement
Verify that an alternate means for collecting and disbursing funds exists if a major disaster occurs. In many such situations, such as a flood or an earthquake, the bank regulatory agency officials can be expected to close all of these institutions in the surrounding area for several days following the disaster. This action will be undertaken to permit the bank employees to concentrate on returning their institutions to normal operations.
Such a closing could have a critical impact, however, on the business continuity plans of the customers of the affected banks. Under this arrangement, they would be denied ready access to their organization’s funds. Such a restriction could impact both the enterprise’s funds collec- tions and accounts payable processes. This could pose a significant eco- nomic recovery risk for those entities that must transfer funds domesti- cally on a time-critical basis or internationally in any fashion. This will prove to be extremely critical in situations where so-called electronic com- merce arrangements are in place. One possible solution: Negotiate a standby line of credit from an out-of-area bank or investment house, to be used only during a recovery from the occurrence of a disaster.
Utilities At Alternate Site
Assure that the required water, electric power, and telecommunication ser- vices are in place and ready for use at whatever site is to be used for essential computing and telecommunication operations during the post disaster period. Typically, at least eight to 36 hours must be allowed in the business conti- nuity plan for the utility providers who are involved to activate any already in-place services capabilities. Three to five additional days must be allowed when new or additional utility services must be installed. And, in many rural localities this allowance should be doubled.
Telecommunications Capabilities
Validate that the telecommunications service providers who will be involved are prepared to divert incoming voice and data traffic from the orga- nization’s regular location to whatever site is to be used during the recovery process. Some local telecommunication enterprise central sites and the alternate carriers may not be prepared to divert call traffic in volume on short notice. The extra call load may create a queuing situation within the interoffice and network node trunk arrangements that will cause them to busy out this diverted traffic.
AU0907/frame/ch30 Page 319 Monday, July 31, 2000 5:00 PM
BUSINESS CONTINUITY MANAGER’S TOOL KIT
Possible Loss of Telecommunications Central Site
Allow for the possibility that the telecommunication enterprise central site itself may be lost. (Most likely, such a disruption would occur as the result of a fire.) Typically, central site service restoration will require several weeks to complete. The business continuity plan should allow at least three to five days for the installation and testing of a replacement switch. And the plans should allow at least an additional day for each 1500 local service links that must be restored. Normally, fire, police, and medical services will be given priority treatment during this process. However, other telecommunication enterprises that are not associated with those services can not be expected to receive spe- cial treatment during this time. Consider: Providing a so-called bypass micro- wave link for use during this period. If this is to be done, the hardware and electronic gear must be located on site in advance of the disaster occurrence.
Recovery Period Employee Work Space
Assure that there is suitable work space available for those employees who must be displaced during the business continuity process. Those individuals who are concerned directly with emergency operations should be relocated to a nearby contingency operations site. Consider: Furloughing customer ser- vice representatives, information processing application developers, and others whose work it may not be possible to support during the disaster recovery period.
Water Sprinkler Rating
Confirm that the rating is adequate for whatever water sprinkler fire extin- guishing mechanism which must be used in the environments in which any type of computing or telecommunicating is carried out. It may not be feasible, for a variety of reasons, to install any form of carbon dioxide or other type of gas- eous extinguishing capabilities in these areas. What is of concern in a sprin- kler fire extinguishing mechanism is the environmental or ambient air tem- perature at which most of the individual sprinkler heads will operate to discharge water and begin the fire suppression process. A 165∞F rated water sprinkler fire extinguishing mechanism is the one that is used most com- monly in these environments. (In many localities the building code or the fire marshal will insist that such a mechanism be installed. even where another type of fire suppression arrangement is in place.)
The individual water sprinkler heads in this sort of installation are designed to operate when the temperature of the fire sensing element in the head reaches between 160∞F and 170∞F. (The range of this relatively crude measure reflects the fact that these devices were meant originally for use in relatively simple warehouse and storage shed structures.) However, because of the comparatively primitive nature of the fire sensing process itself in such environments, the actual air temperature can reach 1000∞F
AU0907/frame/ch30 Page 320 Monday, July 31, 2000 5:00 PM
A Proactive Approach to Improving the IS Business Continuity Plan
before the extinguishing mechanism is activated. The availability of the protection that is provided by a water sprinkler fire extinguishing mecha- nism is far better than having no protection at all.
Ceiling Tiles
Insist that the tiles in the ceiling of any area in which computing or telecom- municating is carried out be anchored independently where a gas discharge fire suppression arrangement has been installed. This action will prevent the acci- dental dislodging of these tiles when the gas is discharged. (Normally these tiles are mounted loosely on a supporting metal framework in order to facil- itate their removal to provide for access to the plenum area for the routine maintenance of the installed lighting and ventilation mechanisms. However, the air turbulence that may be created by the fire suppression arrangement gas discharge can send the individual loosely mounted ceiling tiles flying across the work area, causing injury to people and damage to property.) Water and Moisture Removal
Assure that sufficient drainage has been provided for the prompt removal of any post disaster water accumulation in the area in which any type of com- puting or telecommunicating is carried out. Significant amounts of water can collect as a consequence of such things as natural flooding and the dis- charge of fire suppression mechanisms or the use of conventional hose streams to knock down the fire. (Most of this water will be very contami- nated and will affect adversely the operation of the computing and tele- communication equipment. In addition, the dirt and debris that this water can contain may be considered by the inspectors who were mentioned ear- lier in this chapter to constitute a public health hazard.) Normally, the so- called poured concrete with steel reinforcement construction that has been used commonly over the past generation in office buildings does not pro- vide such drainage. Some of the water and debris may be drained naturally through the building’s interior stairways and elevator shafts.
Drainage alone, however, cannot be assumed to be able to remove all of the residual moisture. Consider: Installing and operating several dehumid- ification units during the post disaster recovery period.
Rubbish Removal
Verify that adequate provisions have been made for rubbish collection and removal during the post disaster site cleanup process. A fire, flood, or other disaster can generate rubbish in volumes that are much larger than most structures are designed to accommodate or than most building mainte- nance employees are equipped to handle. Among other things, the type and extent of the flooding that was mentioned earlier in this chapter can dissolve the glue that holds floor coverings in place. Consider: Renting
AU0907/frame/ch30 Page 321 Monday, July 31, 2000 5:00 PM
BUSINESS CONTINUITY MANAGER’S TOOL KIT
several larger so-called dumpsters or open bed trailers to supplement the available trash removal equipment during the post disaster recovery period.
REALISTIC EXPECTATIONS
Finally, the main emphasis in the design of the business continuity plan should be on its practicality. It is unrealistic to expect that the impact of the disaster will be controlled readily and that the recovery process can be carried out in a neat and orderly fashion. In particular, the plan designers should look at business continuity from a proactive perspective.
AU0907/frame/ch30 Page 322 Monday, July 31, 2000 5:00 PM