Eight-day IT outage would cripple most companies
Survey finds that most companies could not withstand a regional disaster because they are built to overcome severe outages lasting only up to seven days; experts say companies must make the business continuity plans more robust so they endure outages of at least thirty days
A Gartner poll of information security and risk management professionals released last week shows that most business continuity plans could not withstand a regional disaster because they are built to overcome severe outages lasting only up to seven days. Gartner analyst Roberta Witty said that the results of the poll show that organizations must “mature” their business continuity and disaster recovery strategies to enable IT operations and staffers to endure outages of at least thirty days. Such efforts would require additional IT budget spending and collaboration across enterprise business units at most corporations, she noted. Gartner surveyed 359 IT professionals from the United States, United Kingdom, and Canada during 2007 on their business continuity efforts, and nearly 60 percent said that their business continuity plans are limited to outages of seven days or less.
Further, results showed most companies focus on rebounding from internal IT disruptions, not from regional disasters that could also damage facilities. A very shortsighted tactic, remarked Witty, considering damage caused by Hurricane Katrina in 2005, as well as potential harm from outages, terrorist attacks, pandemics, service provider outages, civil unrest or other unpredictable event. “If you start looking at some of the events we’ve [experienced] over the last few years, companies must plan for events that actually take much longer to recover from,” Witty said. “This is an issue [businesses] have to deal with — it’s in front of everyone’s face right now.”
The survey found that 77 percent of companies have come up with a business continuity plan covering power outages caused by fire, while 72 percent have a plan to get up and running after a natural disaster. Only 50 percent of companies are prepared to rebound from terrorism-related IT outages. Witty did say that companies are starting to take pandemic concerns more seriously than in the past. The survey showed that 29 percent of organizations now have pandemic recovery measures in place, up from just 8 percent in 2005. To withstand an outage of up to thirty days, companies must improve cross-training efforts and streamline emergency management, notification and incident management techniques for quicker response, she added. “That’s what [business continuity] is about. If you don’t have people to manage it, a data center is useless,” Witty remarked.
