Business Continuity: Applying Lessons

Natural Disasters Teach Organizations to Test Preparedness
Business Continuity: Applying Lessons

September is the peak of the Atlantic hurricane season. How should organizations in the potential path of these storms assess preparedness? Alan Berman of the Disaster Recovery Institute advises.

See Also: 10 Incredible Ways You Can Be Hacked Through Email & How To Stop The Bad Guys

Hurricane Irene and other global natural disasters in 2011 taught many organizations that they need to prepare themselves better before these incidents occur, says Berman, executive director of the Disaster Recovery Institute.

"2011 was the worst year for disasters in our history," Berman says. "There were 782 major disasters. Insurance claims exceeded $400 billion."

For all organizations in advance of such events, it's important to test disaster recovery and business continuity plans.

"The worst time to test the plan is during an emergency," Berman says in an interview with Information Security Media Group's Tom Field [transcript below].

Organizations should also perform due diligence throughout their supply chain, a practice which Berman is seeing performed more frequently. That due diligence ensures that there's no interruption to information or supplies.

"We've now moved into a maturity that I think involves end-to-end planning as opposed to being myopic," Berman says.

In an interview about disaster preparedness, Berman discusses:

  • Lessons learned from 2011's natural disasters;
  • How to assess your organization's level of preparedness;
  • Global business continuity/disaster recovery concerns.

Berman is a CBCP, a NFPA committee member, a member of the ASIS BCP technical committee, a member of the Committee of Experts for ANSI-ANAB and a former member of the New York City Partnership for Security and Risk Management. He's executive director of the Disaster Recovery Institute and co-chair for the Alfred P. Sloan Foundation committee to create the new standard for the U.S. Private Sector Preparedness Act (PS-Prep). Over a career that has spanned 25 years, he has served as a president and CIO for a major financial institution, national practice leader for operational resiliency at PricewaterhouseCoopers and Global Business Continuity practice leader for Marsh.

Preparing for Hurricane Season

TOM FIELD: You've just returned to the U.S. In fact, you're in the southern U.S. right now. What's your perspective? Are we more prepared for hurricane season this year than we were a year ago?

ALAN BERMAN: I think we're more prepared. Aside from the emergency response, I think we're looking more and more at the interruption of data flows and how it has affected organizations. I was in Japan last year after the tsunami and the whole issue with supply chain, and we're seeing the same thing this year where people are concerned about getting data and resources from areas that have been affected by hurricanes, so we're seeing more distribution.

Lessons from Irene

FIELD: In perspective, how bad was the disaster in 2011 from Irene, and what lessons if any do you believe organizations learned from that experience?

BERMAN: 2011 was the worst year for disasters in our history. There were 782 major disasters. Insurance claims exceeded $400 billion. But we started to become more prepared and especially for hurricanes, something we can now anticipate. You're seeing more people start to move their data offsite. They're starting to look at more back-ups. They're looking at redundancy and certainly there's more and more interest in cloud technology.

FIELD: Why does it take a significant disaster such as a hurricane for organizations to heed the lessons that we've all spoken about for years?

BERMAN: For large multi-national and global organizations to communicate with the other parts of their organizations in areas that have been hit by disasters has become a huge issue. We're working much better on our communications. We're working better on notification and, more than that, we're working more on preparation. When we know things are happening, we're being more proactive in shifting activities from areas that might be affected to areas that are unaffected.

Concerns for Current Season

FIELD: As we're speaking [in August], Hurricane Isaac is bearing down on New Orleans and it's coming north where we've got the Republican National Convention. What are your concerns, if any, about this particular storm and this hurricane season that we're facing now?

BERMAN: Everybody knows that you don't plan a major event during hurricane season in Florida, but other than that and the fact that we didn't prepare for it, I think we're going to see about an average hurricane season. Isaac was not the big storm that it was supposed to be. It did land at a one or a two. I think we're going to get more rain than we're going to get wind damage this time. We're preparing for a normal hurricane season, but that doesn't mean that organizations haven't prepared for this.

I think what we saw after Irene last year was the fact that we really have to prepare. We have to be able to have our technology. I'm staying in Miami two days after my flight was canceled here, and we're seeing even better technology with people being rerouted, so I think we really are seeing some advancement in those areas.

Ensuring Preparedness

FIELD: What's your advice for organizations that wonder if they're properly prepared?

BERMAN: There's nothing like testing. The worst time to test the plan is during an emergency, and we're seeing more and more of this testing going on. Not only are we seeing it within the organization, but for the first time we're actually seeing people perform the due diligence through their supply chain to make sure that they have uninterrupted information or uninterrupted supplies. We've now moved into a maturity that I think involves end-to-end planning as opposed to being myopic, saying, "Let's take care of my organization."

Other Continuity Issues

FIELD: Aside from hurricanes and natural disasters, what are the continuity and preparedness issues that most concern you right now in your organization?

BERMAN: When I look around - and I've been around the world, and I'm heading to Asia in a few weeks - the financial crisis has been one of those things that has affected more organizations, interrupted supply chains, had to shut down limited inventory, and if you look at what we do for a living, we really talk to companies and organizations on how do you work under duress. This financial crisis has companies under duress, and so there are separate plans for business continuity to deal with those kinds of issues. How do you deal with limited inventory? How do you deal with single source and other suppliers who may be on the edge of bankruptcy? We've really taken this as an economic model, as well as one that requires emergency planning.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.