Crisis management audits/disaster recovery audits
Looking out our window at the cloud of smoke coming from the empty space where we saw the World Trade Center slide from our view, we are struck by the fact that after a major crisis, when businesses start picking up the pieces, we find some that continue on and some do not. In some cases this is a matter of chance: In a disaster in which all members of a small, unregulated, firm are killed, it may well be that the business is gone forever, independent of preparation. In general, however, a firm’s survival is more dependent on its planning for disaster, and the actual execution of plans, than on chance.
Cantor Fitzgerald, which lost three-quarters of their New York staff and at least one of its major backup sites, was up and functioning within days. This is a reflection not only of their disaster planning, but even more of their staff, who chose to return. As with the thousands of New Yorkers – and those who came from other places to help in the aftermath of this horror – the reasons for their return were varied: Some returned to show that they couldn’t be beaten by mere terrorism, some came because they could not bear to sit at home, some came because they felt it was their duty, and others came, doubtless, for a multitude of other reasons, all appreciated.
No matter how indomitable their spirit, however, without preparation for disaster there can be no recovery. Disaster can come in a wide number of forms, of which the terrorist attack on the World Trade Center was as devastating as a major earthquake, hurricane, volcano, or fire.
While we have seen that some large corporations in the buildings had adequate backup and recovery plans, many medium and small companies had neither contemplated disaster, nor prepared for it. Even with experience and practice, disaster planning and crisis management is a complex and daunting task, and it is very easy to put off doing for any number of financial and psychological reasons. Yet, like insurance, it is critical: A recent study showed that after a data loss incident, of those businesses that had adequate backup, 85% were still in business 5 years later. Of those who had no backup, only 17% of those survived.
While you may think that disaster planning and crisis management is necessary only for large organizations, which is simply not the case. We have worked with major corporations as well as tiny businesses, and even if you are a one-man show there are things you can do. We advised one tiny business (in the World Trade Center, coincidentally) to at least do daily backups, and take them home. We ourselves have several offsite copies of all our records, in several different cities.
If you have given no thought to disaster recovery and crisis management, recent events should convince you of your imprudence. We would strongly urge you to call us, or others who understand the process, and begin planning and executing your plans, today.
If you have plans in place to meet these, and other kinds of disasters, we would equally strongly urge you to call us, or others who understand the process, and have an outside audit done of your plans. The reason for this is that circumstances change, and your plans may no longer be appropriate for who you are or your current circumstances. In addition, an outsider may see things that you, on the inside, are no longer able to see.