At the one-year anniversary of the attacks on the World Trade Center, reevaluations of public safety policies will be as visible as FDNY baseball caps. Less celebrated but no less important will be the ongoing efforts of businesses to make sure that a future disaster of that magnitude, whatever the cause, proves far less disruptive to operations.
Most companies have overhauled their contingency plans, albeit not with the sense of urgency one might expect. It remains unclear whether companies are willing to spend more money to ensure that their operations can be restarted elsewhere should some form of interruption occur. That raises the question, if 9/11 hasn’t prompted companies to take business continuity seriously, what will?
Certainly it is being taken very seriously in the financial services world. At the Board of Trade Clearing Corp. (BOTCC) in Chicago, which acts as a guarantor of futures and options traded on the Chicago Board of Trade and the MidAmerica Commodity Exchange, the heightened interest in business continuity has taken several forms. Foremost among them, and relevant to every company, is its ideas about just what constitutes a “disaster.”
Brett Paulson, senior vice president and CIO at the BOTCC, says that prior to 9/11 his organization tested its disaster-response capabilities about eight times a year. It still maintains that schedule, but now it tests for a much greater range of scenarios. “In the past, we limited ourselves mostly to problems at our own site,” he says, “but now we’ll test for things like a disaster striking metropolitan Chicago, to see how we’d respond to telecom outages, disruptions in transportation — all the things that go beyond simply protecting the data in the data center.”
The need to address a range of issues beyond the data center is why “business continuity” has replaced “disaster recovery” as the preferred term for post-crisis response: it’s no longer enough to “recover” data at a backup site or via some other means. Businesses now understand that to weather any sort of storm successfully they must address manpower availability and productivity, financial issues such as lines of credit, public/private sector cooperation, and much more besides.
That may be why companies have so far spent more time and money concocting plans than arranging for traditional methods of disaster recovery, such as subscribing to third-party backup sites. Cynthia Doyle, an analyst at IDC, in Framingham, Mass., says that “spending has indeed picked up on the consultative side of the business, but in a down economy [many] are not willing to pay for outsourced business-continuity services.”
That’s not good news for companies like SunGard Availability Services, which would have seemed a good bet to see business boom following last year’s attacks. But revenue for its most recent quarter is up only 9 percent once its acquisition of Comdisco Inc.’s business-continuity services is excluded, and the previous quarter’s revenues were up 11 percent. “Awareness of the issue has increased since last September,” says SunGard Availability Services CEO Jim Simmons, “particularly the idea that companies must orchestrate recovery for every point along the continuum.” But in the current economic climate, there has been no stampede toward backup services such as remote data centers.