Friday 23 November 2012

NYSE- FAIL

As I sit in my computer room looking outside on a gloomy Fall day, I am left to ask myself - How did this happen? Yes, this is Canada in late November and yes, it is indeed normal to be rainy and cold. This is not why I am asking HOW.

I am asking how as, between teleconference meetings this morning, I came across the following article:

http://www.computerworld.com/s/article/9233125/Even_with_prep_did_Wall_Street_s_business_continuity_plans_fail_?taxonomyId=154&pageNumber=1

How can it be that, in 2012, with nearly two weeks notice of an impending disaster, the New York Stock Exchange (NYSE) can find itself in such a predicament? Surely they must have considered the impacts that such a storm would have on their business prior to developing their continuity plans and strategies. Surely they must have asked 'what happens to our people power' in the event of such a geographically large, lengthy and impactful crisis. And, surely, they must have confirmed that they had all doomsday scenarios covered when they reported on their business continuity program annually to the U.S. Securities and Exchange Commission and the Financial Industry Regulatory Authority.

Maybe not.

The NYSE made the age-old error of investing in, relying on, and reporting on their IT disaster recovery capability only. They failed to consider a scenario in which the infrastructure would fail and actual people would be required on-site (or at least within a building with power) when doing their business continuity planning. In 2012, it is no-longer acceptable to forget about such things. Considering your technology, people, information, and image are no brainers when developing your contingency strategies.

As much as this situation saddens me, it also gives me hope that... maybe my skill set and services are still required as much as they ever were.

For the record - a straightforward hot-site solution located away from the coastline elsewhere in New England is all that it would have taken to keep the NYSE up and running...

Thank you for reading,
The Continuity Blogger
Follow me on Twitter @continuity_blog

Wednesday 19 September 2012

As global tensions heat up, should we be considering whether international agreements are worth the risk?

            

Contingency planning efforts and their associated expenditures have been for not. Pack your things and get out.

This is what you could be hearing from your Chief Executive Officer in the event of a significant supply chain or service disruption, which, depending on the business you are in, could bring you to your knees in the near future.

In the past, a large proportion of organizations undergoing significant growth have built and become reliant upon international agreements (supply and service agreements)  with like organizations around the world. The agreements have often been a quick and easy way to grow business / increase revenue (via the use of cheap labour, gaining access to resources outside of the reach of the organization, and so on). The assumption made by organizations entering such agreements has always been that world tensions would never get to a point where said agreements could be compromised. Unfortunately, as Israel ratchets up its talk against Iran / as Iran continues to develop nuclear devices, and as China and Japan tensions continue to escalate, such international agreements should be reviewed. After all, for many organizations, a military conflict could bring a key supplier / outsourcer located in a conflict zone to their knees, and as a result, the hiring organization to its knees as well. Imagine that, after years of contingency planning preparation, a conflict a world away could render all of your efforts useless.

I am not writing this blog to create undue alarm. I am writing the article to warn that we are at a point in time where the risks of developing dependencies on international organizations are beginning to outweigh the benefits. Sure, after a careful cost – benefit analysis, it may be determined that benefits do continue to outweigh costs despite rising tensions, but have you (or your risk management department) done that analysis? And if so, have you looked at all of the ‘what-if scenarios’?

At the end of the day, the decision of your business may be to continue with the status quo, but before deciding to continue down this road, please consider the following:

-          Create a ‘plan B’ should a critical supplier be incapacitated.
-          Relying upon domestic suppliers and vendors to act as ‘plan B’ should an international firm become unreliable during a conflict is risky. Overlooking these vendors during the initial RFP period may have left a sour taste in their collective mouths, and they may not necessarily take you back.
-          Do not be afraid to ask to review the contingency plans of your outsourcing partners. Ask your partners if they have considered what they would do in the event of a large international / regional conflict and ensure that there are known penalties if they do not meet their obligations.
-          Become engaged in your organizations procurement process or ensure that your risk management department does. Make sure the risks of doing business with an international player are fully understood by all levels of management before contracts are signed.

Again, this blog is not intended to cause unnecessary concern, however, it is intended to question the assumption that many of in our field have made – that international peace will continue indefinitely.

What are your thoughts on this matter?

Thank you for reading,
The Continuity Blogger

Follow me on Twitter @continuity_blog