Eleven questions to ask -- and answer -- about your organization's crisis plan
The H1N1 influenza virus has caused anxiety as businesses, schools, and governments contemplated the prospect of widespread quarantines and shutdowns; other disasters may have similar consequences; is your organization ready?
The outbreak of the H1N1 influenza virus, or swine flu, has caused anxiety as businesses, schools, and governments contemplated the prospect of widespread quarantines and shutdowns. Many organizations which already have crisis-response plans used the occasion to dust off these plans, and many that do not have such plans used the pandemic prospect to start creating one. Preparedness is a good thing — especially as pandemics are only one kind of crisis that can disrupt an organization on such a scale.
CDW Government, Inc. (CDW-G), a supplier of IT to governments and educators, says that with an adequate technology and communication infrastructure, most organizations can redeploy staff and maintain at least essential functions in an emergency, if not full-scale operations. The challenge for many top, nontechnology executives and administrators is simply what to ask about telecommunications and information technology (IT) during crisis planning.
CDW-G’s “Guide to Business Continuity Technology for Non-Tech Executives” offers the following useful checklist of topics and questions for nontechnology executives and administrators to review with their management teams and IT departments to prepare for significant facility shutdowns — regardless of the cause:
- What functions and specific positions in our organization are compatible with remote work, even if they are not performed remotely today? Some jobs just can not be phoned in, but evolving technology is enabling remote performance of more and more positions. It is important to know exactly which are telework-capable, before a crisis occurs, and to reassess regularly with all departments and functions.
- What percentage of our associates in remote-capable positions is equipped and authorized to work remotely today? You may be further ahead on this than you think — but you may not. The answer to this question will define your crisis redeployment challenge.
- How well can our telephone and messaging systems support a redeployment plan? Today’s unified communications and Internet Protocol (IP) telephony technologies can support workers remotely via the same phone numbers and messaging systems they use while in the office. Many organizations, however, have not adopted those technologies yet, in which case employees will have to use mobile phones, home phones, or other means to transact business remotely. Whatever your case, have your communications team plan and instruct employees on how they should handle voice calling requirements during a crisis-driven redeployment.
- What is our standard telecommunications bandwidth (capacity), and will it be sufficient if we redeploy all remote-capable positions in a crisis? If your bandwidth cannot support large-scale remote work, your telecom manager will need to invest in backup capacity, which is a different kind of business relationship with your service provider. It may, in fact, require a different service provider.
- How many telecommunication access points do we have into our IT network? Some redundancy is essential in case you lose your primary access point for reasons beyond your control. The best data systems in the world are useless with no access to them.
- How well can we manage our data centers remotely? IT staff are affected by crises just like the rest of the organization, but remote management of servers and data centers is routinely available today. Few organizations, however, make full use of remote management, so you should ask.
- Do our data systems have adequate backup power to support them through an extended power outage? Can the power systems also be managed remotely? If the redeployment is due to a storm or other natural disaster, you many not be able to count on utility-supplied power.
- Is our data backed up frequently, securely and accessibly, regardless of where it originates or resides? Beyond ordinary data recovery concerns, a mass redeployment risks dispersion of important information across many remote desktops and laptops — or elsewhere. Even under normal operations, your organization should ensure that data resides only where it belongs, and your redeployment plan should as well.
- What remote access technology does your organization use (for example, virtual private network, dial-up), and will it scale up sufficiently when you activate your redeployment plan in a crisis? What is adequate for normal operations may fail if the number of users increases significantly and suddenly.
- How can we deploy sufficient remote or mobile computing devices to support a crisis redeployment without spending huge amounts of money? Consider all options, from rapid-provisioning contracts with a trusted vendor, to routine assignment of laptops to some functions, limited provision of home desktops or thin client devices, and authorization of secure remote access to your network from selected, employee-owned home computers. As your organization replaces employee computers routinely, you can increase capabilities for immediate and seamless redeployment.
- What remote access security tools do we use, and will they also scale sufficiently in a crisis? How will you deploy expanded remote access security on short notice without creating a bottleneck and losing productivity? Consider differences between security practices within your network and for remote access and eliminate them if at all possible. Practices that are unfamiliar to employees are unlikely to work well under pressure.