Business Continuity Demands Collaboration

It used to be that the only time business executives ever thought about business continuity was on those occasions when the server was down, hampering E-mail and productivity. Now that's changed. Business-contingency and disaster-recovery infrastructure previously vetoed or shelved has been quickly dusted off.

InformationWeek Research surveyed 100 business-technology professionals in October on their companies' business-continuity and IT-contingency strategies. It found that a majority have a plan--but that most of those plans wouldn't pass muster in a real emergency.

One issue is that IT and network vendors who can help companies maintain business continuity too often are left out in the cold. Almost half of survey respondents say their company hasn't educated their service providers and suppliers about their procedures in the event of operational difficulties. Two-thirds haven't reviewed business-continuity and IT-contingency procedures with logistics providers or shippers.

It's not surprising that communication carriers are among those vendors in the loop, given their operational importance and call-switching abilities. But it would also be a good idea to clue in suppliers, such as system and software vendors, because they're capable of building and rebuilding infrastructure.

Some areas of consideration for companies that claim to have a contingency plan or intend to create one: How many times will you test it each year? Are executives in a cross-section of your company involved in setting business-continuity and IT-contingency policy?

While IT executives generally are charged with handling the technology and data recovery, they generally don't own all the business processes. Yet only three in five sites interviewed include executives from operations and distribution. And half don't include facilities or maintenance executives when establishing procedures. These are decisions that warrant re-examination.

How confident is your company in its business-continuity plan? Let us know at the address below.

Martin J. Garvey
Senior Editor
[email protected]

Buyer Beware
Effective deployment of business-continuity and IT-contingency plans relies on clearly defined procedures. These steps need to be communicated to associates inside and outside the company. For some businesses, that strategy means letting customers know how operating difficulties are handled to avert any concern over privacy issues. More than half of the 100 business and technology professionals interviewed by InformationWeek Research report that customers have been informed of their company's business-continuity and IT-contingency plans. But not all companies are willing to divulge such information--16% of survey participants say their company prefers to keep its contingency procedures private.

Knowledge Needed
Companies might be sitting on an operational problem regarding business continuity. Although businesses can manage how difficulties are handled within their infrastructures, few function without depending on other companies. Yet surprisingly, sites polled by InformationWeek Research generally don't know how key business associates plan to deal with operational problems. In all, 39% are unfamiliar with the contingency plans of their telecom carriers; almost half with their suppliers and service providers' plans; and about two-thirds with their financial institutions' plans. This could have significant consequences if problems occur--say, late in a payroll cycle.

Untold Problems
Are companies legally responsible for providing information to third parties such as suppliers in the event of operational problems? One in four companies say they must provide notice of operating difficulties to customers, vendors, and other business partners. Only 10% say responsibility is limited to customers; 7% say vendors and other business partners hold them accountable. And 40% say there's no legal answerability involved when operating problems happen. Just 3% say liability is limited to customers and partners.

Not Totally Covered
How thorough are service-level agreements or service-provider contracts that include business-continuity and IT-contingency provisions? According to InformationWeek Research, contingency clauses vary. Executives are more interested in assurances from Internet and telecom providers than vendors involved in the logistics aspects of their operation. In all, 67% of those surveyed say business-continuity provisions are outlined in their Internet service provider agreements. Nearly two-thirds report that contingency clauses are in contracts with their telecom carrier, but only 43% of supplier and 25% of logistics-vendor agreements include contingency provisions.