|
Many governmental organizations have already established and tested disaster recovery and business continuity plans, but others have not. In many cases, even those bodies that have prepared plans have protected only the most mission-critical — or the most politically sensitive — systems and infrastructures. Bodies that have no plans, or inadequate plans, may suffer serious service interruptions (see "Disaster Recovery Plans and Systems Are Essential," FT-14-5021).
What Governments Should Do Now
Immediately after making a disaster declaration, governments should take the following steps:
1. Communicate that government, at all levels, is working. This message should be disseminated via multiple channels (e.g., print media, radio and television, and the Internet).
2. Use these same channels to offer detailed information and instructions about relief efforts and emergency plans.
3. Ensure that all government employees are briefed and kept up-to-date on the disaster and recovery efforts. The public instinctively trusts information from government employees — whether at work or in private life — and this makes them an excellent resource for providing accurate information and preventing the spreading of unfounded rumors.
4. Leverage their facilities, services and business relationships. For example:
- Governmental bodies frequently have extensive fleets of motor vehicles, such as trucks, buses, vans and various types of heavy equipment for relief efforts.
- Governments usually have multiple, geographically dispersed facilities, many of which will not be affected by a disaster. Affected sites can make use of available space for offices and computing facilities.
- Governments typically have long-standing relationships with local vendors, and should reach out to these vendors for needed supplies and equipment.
What Governments Should Do to Prepare for the Future
Business continuity planners must receive support from IT and business management during planning and recovery. If this support is not forthcoming, continuity planning will remain a secondary concern — essentially the documentation of risk — and the governmental body likely will be unable to recover from a disaster. To gain support for their efforts, business continuity planners should:
- Cite examples of real-world disasters, their effects and the responses. The most-effective examples will be those that have directly affected the governmental body in question; disasters that have affected similar bodies, or occurred in close geographical proximity, will also be useful. The recent terrorist attacks in New York and Washington, D.C., will certainly provide the needed sense of urgency.
- Use data in government budgets and fixed-asset databases — which is in the public domain — to identify the value of assets managed by governmental bodies and their IT staff. Highlight the value of unprotected assets, bearing in mind that loss of service is the most significant impact of loss of assets.
- Use components of successful year 2000 contingency planning exercises — e.g., business impact analyses (BIAs) and recovery plans.
- Share the results of BIAs with management, and enlist management's support in championing recovery objectives with IT management.
- Take advantage of the multiple facilities in government jurisdictions. Establish reciprocal agreements among departments and agencies that will enable facilities to be used as "cold" or "hot" sites.
The recent terrorist attacks present governmental bodies — whether directly affected by these events or not — with an opportunity to improve their business continuity planning. Governments at all levels should use the heightened public awareness of their vulnerabilities to prepare for subsequent disasters.
|
