Are We Willing to Take That Risk?: 10 Questions Every Executive Should Ask About Business Continuity

By Michael Croy and Diane J. Laux

No one will ever be able to identify and manage all of his or her organization's risks. Although you can't predict every disaster, you can ask the right questions and put strategies in place to ensure the survival of your business.

"It is becoming increasingly evident that the knowledge of disaster recovery efforts must be accessible to far more than the (IT) experts Achieving success can only be found through the collective effort of a united public, its leaders and organizations."

- Barack Obama, United States Senator

"Progressive organizations with sound leadership now include business continuity and enterprise risk management as key parts of meeting stakeholder expectations and achieving organizational strategic objectives."

- Michael G. Oxley, Vice Chairman, NASDAQ

Michael Croy, an expert in risk assessment and disaster recovery, helps leaders understand what is needed to sustain business today. Through real-life examples, you'll understand what could affect your company-lost data, pandemics, terror threats-and by implementing plans for when something does happen, you're doing everything possible to ensure that employees still have jobs, customers are served, and stakeholders continue to support the company.

Take the first step in proactively managing your company in good times and bad and ask yourself, Are We Willing to Take That Risk?

• Language: English
• Publisher: iUniverse
• Release date: Oct 15, 2008
• ISBN: 9780595624607

Michael Croy

Michael Croy is director of business continuity solutions at Forsythe Technology. He has more than twenty-five years of experience in building, developing, and implementing disaster recovery and business continuity programs. He lives in suburban Chicago with his wife, Maria.

Book preview

Copyright © 2008 by Michael Croy and Diane J. Laux

All rights reserved. No part of this book may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the publisher except in the case of brief quotations embodied in critical articles and reviews.

The identifying details of some of the companies and individuals in this book have been changed. Neither the authors nor the publisher shall be liable or responsible for any loss or damage allegedly arising as a consequence of your use or application of any information or suggestions in this book.

iUniverse

1663 Liberty Drive

Bloomington, IN 47403

www.iuniverse.com

1-800-Authors (1-800-288-4677)

The views expressed in this work are solely those of the authors and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

ISBN: 978-0-595-52406-8 (pbk)

ISBN: 978-0-595-51655-1(cloth)

ISBN: 978-0-595-62460-7 (ebk)

Contents

Acknowledgments

Introduction

Question One

Crisis Du Jour

The Cost of Lost

Bad News and Good News

Question Two

Disaster Recovery ≠ Business Continuity

Assessing Your Plans

Understanding What’s Covered

Question Three

Scenario Planning

Minding the Supply Chain

Determining the Potential Business Impact

Question Four

Separating What’s Real

from What’s Make Believe

Validating the Strategies

Partnering With the Public Sector

Question Five

Considering People, Places, and Things

Putting People First

Question Six

The New Regulatory Era

Addressing Fiscal and Fiduciary Responsibilities

Question Seven

Identifying Where Risks Reside

Accepting, Assigning, and Mitigating Risks

Question Eight

Communications and Reputation Management

Expectations and Personal History

Business Unit Expectations

Versus IT Capabilities

Question Nine

The Business Context of IT

Optimizing Existing Infrastructure

The Newest Technology Isn’t the Only Answer

Question Ten

Appendix

About the Authors

To the highlight of my life,

my wonderful wife, Maria

Acknowledgments

There are far too many people to thank for their help in writing this book, but I’m going to try.

Diane Laux has been a dream to work with. I hope the feeling was mutual, but considering she knows where the skeletons are buried, I tried not to give her too much #&%@!

Thanks to the Forsythe marketing department, which has assisted every step of the way; my wonderful team of business continuity and disaster recovery professionals who work tirelessly to provide business with plans to prevent something nasty from happening and to save them if it does; and to Bill Brennan, president and CEO of Forsythe who offered initial encouragement along the lines of Hey, Mike, when are you going to write a book? and then supported me throughout the process.

Thanks to all of the contributors to this book, from John Jackson to Scott Smith and especially to my dear friend David Nolan. Without David’s years of encouragement in this business, none of this would have happened.

Most importantly, I thank Maria, my sweet, loving wife of all these years. She put up with a lot and was always there for me. And my beautiful daughters, Melissa Reams and Megan Melendez, who have given me joy every day of their lives. Their husbands, Andy Reams and Rick Melendez, who are the men a father would wish for his daughters. Of course my wonderful grandchildren, Benjamin, Eagan, Eliza Jane and our newest grandbaby, Callum James … Papa loves you, too.

To American business, thank you for the years of education, enlightenment and enrichment you have allowed me to share with you. Please remain vigilant, remain prepared, and remain resilient.

+When written in Chinese the word crisis is composed of two characters. One represents danger and the other represents opportunity.

- John F. Kennedy

Introduction

I am not a disaster monger.

As a child, I distinctly recall my momma telling me that little boys who played with matches would wet the bed, thus ending my brief-lived fascination with fire. But when I began my career, I found myself drawn to the knowledge that by thinking about what could affect my company—a fire, a flood, a strike—and putting some plans in place in the event something did happen, I knew our employees would still have jobs, our customers could still get product, our shareholders would still support the company stock.

In the early 1970s, I started as a production scheduler with Stewart-Warner Corporation, a manufacturer of automobile gauges and oil additives. I’d procure products, piece parts, really, and just write down what I needed on a slip of paper, give it to an order entry clerk and it went to the great computer in the sky. Everyone was amazed we were doing this cool computer stuff. The problem was that the software was prone to major glitches. Folks would load a stack of punch cards and pray they didn’t shoot back out in a buff-colored rainbow across the room.

I knew those glitches couldn’t be allowed to interrupt the manufacturing process, so when everything was entered into the computer, we made a hardcopy of the orders and an intern ran around the company getting signatures and approvals and such. It was sort of a backup plan, okay? Plus it gave a kid a job and helped pay his way through college. He probably runs a software company somewhere now.

When I started at computer peripherals manufacturer, Storage Technology Corporation (StorageTek) in the 1980s, Jesse Aweida was heading the company. I remember my first portable computer there was the size of a sewing machine. It took both hands to pick up and carry the thing. You took the cover off and connected it to any phone line and you could download a gigantic amount of data. 500K. In an hour. Now I can look at spreadsheets that size on my cell phone.

From there I joined Network Systems Corporation, and their high-speed channel extension products really pulled me into disaster recovery. A company could run their mainframe computer in Poughkeepsie, and using channel extension put a remote tape drive in Piscataway that the mainframe could drive. It was unheard of and was a natural application for disaster recovery. At Network Systems I also got my first look at this crazy idea called the Internet and worked with Charley Kline, who was in information technology at the University of Illinois. Folks like Charley, Doug Comer, author and professor at Purdue, and Jeff Case, with the University of Tennessee-Knoxville were the visionaries behind what the Internet could do for business.

In the 1990s when I went to Comdisco, by far the leader in the disaster recovery and business continuity industry, I had the chance to work with a cadre of brilliant thinkers like David Nolan, John Jackson, Vic Fricas and Bob Sibik. When I started really thinking about business continuity futures and where this industry could go, David Nolan was the first person I conceptually started picking up ideas from. Probably on a dare, Nolan put me in charge of creating a global trading floor recovery practice. I also learned a tremendous amount working at the side of Bob Cassiliano, the most knowledgeable person in trading floor recovery, then and now.

And then I landed at Forsythe, where I continue today. Here, I’m yet again surrounded by RSPs (Really Smart People). This group is focused on how to make technology work for you, maximize your technology investment, and give you the language and the knowledge for truly addressing your company’s risk.

In this book, drawing upon my 25 years of experiences in and out of the business world, I hope to establish a foundation for your business continuity considerations. Each chapter represents one of 10 questions, keystones really, for business leaders to use in exploring their organizations’ risk and continuity underpinnings.

Each chapter will provide context for the questions, and will close with summary thoughts and follow-up questions. I hope you’ll come away knowing that you have a crucial role in ensuring your organization’s future, requiring you to take the right risks and ask the right questions.

So if this book raises more questions than answers, then I’ve done my job.

The rest is on you.

These are the times that try men’s souls.

- Thomas Paine

Question One

What’s the Worst That Can Happen?

Weekends were made for sleeping in, kids’ soccer games, and network upgrades. In hundreds of places, all over the world, weekends bring engineers and technicians together to perform the computer equivalent of a 50,000-mile tune-up or add some racy new model to the data center ranks.

Your company’s data center may be hidden in the basement of your building or situated time zones away. You may have one data center; you may have four. But this mind-blowing, pulsing, whirring, sophisticated, data-jammed, compilation of old and new technology is similar to a delicate little snowflake. No two are alike.

Another quirk about data centers: between all the electrical equipment housed within and the miles of electrical cables housed beneath, like snowflakes, they’ll melt if not cooled properly.

Precision cooling systems protect the equipment; fire suppression systems protect the whole data center. Halon was king of fire suppression agents before we learned it also suppressed the ozone layer. Today we often use water and clean agent gas, though some halon systems are still around.

On one particular weekend of upgrades in the 1980s, a halon system protected the computer rooms of a leader in the oil and gas industry. Not that it mattered; because a new piece of equipment was