Disaster recovery and business continuity is somewhat of a misnomer, it turns out, according to Intel, which has set up a complex internal system of ongoing business continuity planning that render disaster recovery more like business as usual.
Speaking at the World Conference on Disaster Management, Intel business continuity manager Kathryn Dornfeld laid out the company's dizzyingly evolved ecosystem of disaster planning teams, including emergency response teams, emergency operations centers, issue prevention management teams, and crisis management teams.
The corporate emergency operations center meets virtually, and is embedded within the company structure, while the site emergency operations centers are responsible for managing their own operations and on-site issues at hand during crises and during planning for emergencies, according to Dornfeld.
To achieve optimal awareness throughout a company, Dornfeld said, it's important to spread the word about safety initiatives. This includes Web-based course management, training, and hundreds of part-time "business continuity champions" who help manage on-site awareness.
Donald Lum, a program coordinator with the Ontario Power Generation's dam safety and emergency preparedness division, said that his company works hard on awareness training. "We run drills and engage the first responders," said Lum.
Executive support is also important for full business continuity implementation. Intel uses dashboards to keep them appraised, she said.
Eric Holdeman, a principal with the consultancy ICF International, said, "IT managers need to establish a relationship with management."
Ongoing program assessment also makes sure that they are up to speed, and keeping business continuity ongoing, rather than triggered by a disaster. Dornfeld cited a supply chain example, where Intel plotted out alternate routes and suppliers in case of emergency. Said Dornfeld: "Instead of us having to react in a short amount of time, we go to them, rather than having to wait for them to call us and tell us there's a problem."
Focusing on business impacts--rather than threats--is the best route, Dornfeld said. "Talk to senior management about critical business functions so that you can do your Risk and Impact Assessment. Focus on the things they'll relate to, like cost and operational downtime," she said. "You need to support them, not tell them what to do."
Keeping the Risk Impact Assessment fresh and reflective of social, economic, and other disasters is also important. "You need to evaluate change and see what could influence the outcome," said Dornfeld.
According to Lum, "You're always learning new things."
And, when it comes to run-throughs, the more the better. Intel ran around 600 drills in the recovery space alone last year, and often runs joint drills with local rescue personnel such as fire and police and disease control. She said, "This is important, as we sometimes found that the way we thought we would be doing things didn't mesh with what they'd do in an emergency."
The Chengdu earthquake was a recent example of having to put its plans in action. Operations were able to run smoothly, since they were moved temporarily, as according to plan, to other locations in China and Malaysia to keep everything on track.
More human issues often come into play, too, which Intel also plans for. According to Dornfeld, a designated nap room was set up for the sleep-deprived earthquake victims, along with "Camp Intel," a work-based shelter for earthquake victims and their families.
Alternative work sites have been set up during typhoons (the Philippines), floods (Washington), riots (India), fire (Vietnam), and bombings (Israel), perhaps even creating a new task for IT managers who will be called upon to set up off-site operations, complete with networking and authentication.
"Could you work with only forty per cent of your staff?" asked Dornfeld, pointing out that many people are often unavailable during an emergency, and that skeleton staff operability should be a part of any plan. For an IT department, this could mean extra attention to staffing patterns, since key IT infrastructure is considered critical, and could result in IT staff being more required to be on-site--or at least prepared--in an emergency.
The World Conference on Disaster Management continues on Wednesday.