Rothstein Home: Your Source for Disaster Recovery, Business Continuity Books, Service Level Agreements & More Rothstein: Management Consulting Services Rothstein: Business Survival Newsletter Rothstein: Original Feature Articles Rothstein: Disaster Recovery Forum Rothstein: Today's Industry News Rothstein: Links to Industry Web Sites Contact Rothstein Associates

Seven Items Often Overlooked in Disaster Planning Disaster Recovery & Business Continuity & Contingency Planning & Disaster Prevention Bookstore
Service Level Management & Service Level Agreements Bookstore

by  Seven Lewis, Ph.D.

During the last 20 years, we have worked with organizations ranging from Retailers to Universities, from Banks to Dairies, from insurance companies to local governments and beyond. In all of these situations, we have found that all planners, no matter how experienced and systematic they may be,  tend to overlook certain items. Some of these are small, but crucial items which simply add insult to injury when disaster occurs, but other can threaten the survival of the organization.

      These seven overlooked items fall into a number of general areas, which are listed below and then discussed:

  1. Missing things “too close to see”

  2. Ignoring employee’s relevant personal-life situations

  3. Failure to track out-of-the-ordinary situations

  4. Intuitively assuming how other departments function

  5. Not learning needs of emergency organizations outside of the company

  6. Forgetting "unforgettable" events

  7. Ignoring external factors

1. MISSING THINGS “TOO CLOSE TO SEE”
An example of this oversight, which we have seen in almost 100% of the facilities we have examined, is the vulnerability of network and telephone panels to falling water. Most facilities have a panel on a wall where the telephone wires enter the building. Typically this is not covered and in the event of water coming down the wall, they burn out and are destroyed. Similarly, most computer networking racks are exposed to reduce heat buildup, however, they are not shielded from nearby sprinkler heads or simply water coming from above the ceiling and following the cables down to the rack. When they are hit by water, they also burn out.

      Another overlooked item we have frequently seen, particularly in older buildings, is the need for a key to exit a building via a locked door. Often institutions which are open to the public, such as banks, lock their doors but remain open for many hours after their public hours have ended. Every exit door needs to be operable from the inside without a key.

      Another frequent condition is the use of non-fireproof safes to protect key documents. Most safes are burglar-proof; however, most are not insulated, and in a fire, the contents are incinerated.

      Also overlooked are the two most important documents in any disaster: company checks and purchase orders. A supply of these needs to be kept off-site, ready to purchase immediately-needed equipment and supplies.

      Additionally, many organizations have valuable paintings, displays, and antiques in their facilities.  Often these are not covered by insurance riders in the event they are destroyed.

2. IGNORING EMPLOYEE'S RELEVANT PERSONAL-LIFE SITUATIONS
Often, an organization’s disaster plan requires key employees to relocate to a computer hot site for the duration of an emergency. We have found in several situations that those employees were single parents or care-givers, with no ability to even work emergency overtime, much less relocate out of the region to a hot site. One technique we have used to uncover such situations is to have all employees sign a form indicating that they have read and understood the disaster plan, as it pertains to them, and that they can fulfill their assignments in carrying it out.

3. FAILURE TO TRACK
OUT-OF-THE-ORDINARY SITUATIONS
Many disaster plans become fixated only on the disaster itself, rather than trying to track abnormal situations which can make the disaster worse. One of the most frequent out-of-the-ordinary situations to occur is that of temporarily disabled employees - requiring special assistance to exit the facilities. Planners need to have a system in place whereby these employees are identified and someone is tasked with ensuring their safety.

      Another situation occurs when key employees go on maternity, military or other extended absence with the result that their functions are left without emergency backups. Planning for their absences needs to also include the emergency backup they provided.

      Labor unrest represents a major vulnerability for many organizations. Planners need to set up a responsibility for tracking the expiration dates of union contracts to properly assess the company’s evolving risk exposure in this area.

4. INTUITIVELY ASSUMING HOW OTHER
DEPARTMENTS FUNCTION
All organizations depend on a series of support functions. The most typical of these are: mail delivery, check printing, voicemail, janitorial, and personnel. Because of their familiarity, planners often don't spend the time going through the details of their operations. The oversights we have found include:

  • an accounting department with a customized check-printer, using blank check stock – requiring over a week to replace the printer;

  • a mail room having no records off-site to enable notification of couriers and delivery services such as Fedex where to deliver when the facility is not in operation;

  • lack of an ability to access employees' voicemail if they are incapacitated;

  • personnel files stored in the executive department, in polished mahogany file cabinets;

  • lack of a procedure to track locations and proper protection of hazardous materials used by janitors and exterminators, which could, in a flood or fire, be spread throughout the facility.

Beyond these, many organization have “after-hours” facilities, such as banks having night depositories for large commercial customers. Often we have found that there is no way to notify these important customers if the facility becomes unavailable.

5. NOT LEARNING NEEDS OF EMERGENCY ORGANIZATIONS OUTSIDE OF THE COMPANY
Particularly in this age of consolidation, many organizations have far-flung locations. We have often found that the local fire and police departments covering these locations do not have up-to-date contact information in the event of an emergency in the local facility. For more complex facilities, we have almost never found that a set of building plans has been filed with the local fire department.

6. FORGETTING “UNFORGETTABLE” EVENTS
Almost all organizations we have worked with have had major disasters which have entered into their corporate lore. However, typically they fail to document the details of what went wrong; what went  right; what they've learned; what they need to change for the future; and, a tracking of follow-up on the recommended changes.

7.IGNORING "EXTERNAL" FACTORS
Many organizations don't take proper cognizance of the fact that they are located nearby to areas which can be a focus of demonstrations or targets of violence. An example we encountered after September 11, 2001, was an organization with an office and backup storage site located on an Air Force Base, hundreds of miles away from the terrorist attacks. As a result of the attacks, the base was closed to non-military personnel and the organization was unable to operate or gain access to the facility for an extended period of time.

CONCLUSION
In conclusion, the best way to avoid overlooking items in the disaster plan is by not going it alone. Planners need to seek both internal and external reviews of  their plans by experienced personnel who were not involved in the plan development. These reviews can include having people critique the plans of the departments upon whom they are dependent. They can also include having lower-level personnel review plans developed by their superiors. Finally, from the outside, often the organization’s insurance company or independent outside audit firm will provide an outside audit of the plan. The bottom line is, there's no substitute for a second set of eyes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Steven Lewis, Ph.D. is the Editor-in-Chief of the Disaster Recovery Yellow Pagestm (www.DisasterRecoveryYP.com). He is a Certified Information Systems Auditor (CISA) with a PhD in Systems from the Univ. of Pennsylvania, and a Masters and Bachelors in Engineering from Cornell University.

During the last fifteen years, he has developed over 120 comprehensive disaster recovery/business continuity plans for networked based organizations. All of these plans were subject to review by Regulatory Agencies and were all approved.  Many of these also included "Year/2000" risk analyses, evaluation and testing.

Dr. Lewis has also authored numerous articles, including “Plan for a Disaster Without Destroying Your Budget,” which appeared in PUBLIC RISK magazine, and “Disaster Recovery Planning:  A HIPAA Requirement,” which appeared in HEALTH FACILITIES MANAGEMENT magazine.

Copyright (c)1997-2004, Rothstein Associates Inc. All Rights Reserved.

Back to Top

Site Map | The Rothstein Catalog on Disaster Recovery | The Rothstein Catalog on Service Level Books

Contact Us | Management Consulting Services | Business Survival Newsletter | Original Feature Articles

Disaster Recovery Forum | Today's Industry News | Links to Industry Web Sites | ‘Keep Me Posted’ | Privacy Policy

 

E-mail Rothstein Associates Inc.