Preparedness – Not Just for Preppers: Preparing Your IT Organization for the Worst Case Scenario

Preparedness is moving into the mainstream from quiet wilderness retreats to full scale survival expos in major cities, National Geographic channel reality shows, scads of books and gun and ammo on backorder for months. While part of the expanding preparedness effort is driven by 2012 hysteria recycled from Y2K and legitimate worries of economic collapse, preparedness is not just for preppers. You need to consider enterprise preparedness if you want to ensure the survival of your organization.

“Two is One and One is None.”
This quote, often attributed to Mel Tappan and the Marine Corp, iterates the need for duplication across an organization. If you have only one server and it goes down, you have nothing. If you have one server and a backup, then in the event of a failure, you still have one. Install back up power generators to keep key systems going. Build in redundancy to ensure that you have what you need in an emergency. Don’t forget the human element when planning for redundancy. If your one go-to expert has a heart attack, you cannot go back for knowledge capture. Whether it is a series of cross-training seminars or vetting consultants who can step in when your subject matter expert is out, have a backup for your key human resources as well.

“Stock Up on Essentials.”
There is a fine line between stocking up for emergencies and hoarding. Your organization should have spare ink cartridges, routers and cables on site to avoid the hassle of running to the store when something breaks. You should also have bottled water, flashlights and snacks on the premises to offer to employees if it is not safe for them to leave, whether the reason is a major hail storm, Occupy Wall Street protestors or a major power outage. If a derecho shuts down your city, does your company have enough gas to keep the generators going for a week? If the power outrage shuts down your town but not your building, do you have enough water in on site storage to keep production going along with your generators? If there is a trucker strike, do you have enough parts and day to day shop supplies to keep going until it is lifted? Stock up on what your organization needs so that a disruption doesn’t leave your team idle.

“Have a Retreat.”
Design a disaster recovery plan. If your office building is rendered unusable by a fire, flood or tornado, you will need to relocate. Have a fall back site on the books that can host your most critical operations so that the business doesn’t stop when you most desperately need the money. Set up an off-site data back-up location now so that a storm or hack attack that shuts down your main server does not kill your organization. If your plan is that employees work remotely from home until the main office is usable again, verify that they have the ability to connect to back up servers from remote locations. Once you have a disaster recovery plan, test it. Your company should practice fire drills, tornado drills and simulated workplace violence so that they know what to do. You should also test your back up plans for an enterprise wide disaster. Ensure that your mirrored servers come up when the main server is down in a simulated denial of service attack. Check the phone numbers given by employees to reach them in an emergency, sending out notices that duplicate what would be sent out if the company site is shut down due to a natural disaster or power outage. Verify that your backup servers can handle everyone logging in remotely at the same time.

“Have a Bug Out Plan.”
If there were a fire on the ground floor, do your employees know how to get out of the building? If there is a major storm and flooding as incapacitated Washington, DC, do your staff know alternate routes to get out of the parking lot? If your employees are at a customer’s site, do they know where to meet up in case the main facility is off-limits due to riots, violence or a natural disaster? Have a bug out plan and communicate it to your staff.

This list is by no means inclusive. I haven’t touched on a nuclear disaster like Fukishima that destroys a work site and the entire regional supply chain or a long term economic collapse. To quote Marc Resnick with his permission, “What enterprise preparedness requires is a systematic analysis of the company’s needs in the case of different kinds of emergencies.” You need to review what is essential to your business, and then start planning short time solutions available in a heartbeat and long term fall backs for when the short term solutions are not possible or available.
Enterprise preparedness is not a fad. It is critical to the long term survival of your company. That is why it is also called business continuity management and disaster recovery. Preparedness is essential if your company is to continue running with minimal losses and recover from the disaster.