What did you do today? For me it was sleep in and then get up and finally delve into the above mentioned book. What motivated me? Several things got me going. One is that I've had a copy of the book staring at me every time I walked in my office. Recently I've written about cyber security and the need become better prepared for this new hazard. Since I'm not much of a techie I found the book to be right on target for my level of expertise.
A big issue for anyone is, where to start? Page 35 has a nice "preparing an Interim DR Plan. As noted there it can take as little as 15-20 hours to do so. Which fits nicely with my belief that any planning is better than no planning. Once you have started planning it is hard to stop. Chapter 2 is all about "Bootstrapping the DR Plan Effort" and in most cases that is what it will take. The IT folks have the same issues you do and they are being driven by the demands of the moment. No one is asking them about their recovery planning, so there is little energy typically behind such an effort.
You might have trouble with all the technical terms that come with working with the IT types at your organization. No sweat--every term is explained in layman's terms--which I like. Like Goldie Locks you can have all the Cold-Warm-Hot processing sites explained, along with the differences.
I have yet to find a government that has spent the time to have a robust "Hot Site" ready. One cheap way to get around the issue is to negotiate a "Reciprocal Facility" agreement with a like organization that is out of your immediate area and not likely to be impacted by the same disaster. See page 151.
One challenge I've faced is the time that IT professionals have to put towards these planning efforts. Some IT organizations are in "survival mode" going from one crisis to another on a daily basis. Investing time to do the really catastrophic planning is challenging. Yet, our cyber risks are increasing on several fronts. E-Government enterprise is increasing by leaps and bounds. We all know what it is like these days to have an email system outage--things grind to a halt. As more and more of our system processes are automated, when these fail, everything will stop functioning. Our ability to restore functions in the IT world will be key to maintaining an effective disaster response.
Some might argue that it is a good reason to not automate the EOC in the first place. I challenge that thinking--is it really about you and your desire not to want to learn one new system? We can't stay in the White Board World forever. Yes, backup manual systems are appropriate, but with the power of automation at our finger tips we should be taking advantage of what technology can bring. AND, doing some IT Disaster Recovery Planning for our emergency management function and for our organization as a whole.
I commend the book to your reading and personally I plan on going back to my parent organization on Monday (actually Tuesday) and having a chat about our level of preparedness for an IT based disaster.
