For a country prone to disasters, from natural and man-made to technology-based, a surprising number of companies have unacceptable plans in place to deal with them, according to experts at the recent World Conference on Disaster Management in Toronto. And, while IT is only a portion of the solution, it can play an important role in mitigating risk.
“Constraints and restraints keep us at the lower part of the organization,” said Neil Simon, president of Incident Mitigation LLC. “We are technical experts, not salespeople.” He added that IT has to take some initiative to learn to sell disaster planning to management.
Bob Plaseski, a senior director at ZANTAZ Canada in Ottawa, said one way to get management’s ear is to point to legislation such as Sarbanes-Oxley and U.S. Securities and Exchange Commission requirement 34-49537, which states that business on the stock exchange must have a business continuity plan.
But getting top management’s ear is not always easy. Simon said the key is to identify which executives are friend, foe or on the fence, and understand your stakeholder target. But to do this IT must understand the organization’s direction, business functions and political structure. “You’ve got to work within the system,” he said.
This is often achieved by actually setting up time to talk to executives about disaster planning, and though you won’t always get as high as the CEO, “you can get close enough,” he said. “Often times they’ll talk to you about these things but never talk to each other,” he said.
One specific area often overlooked – which can be used as leverage for internal talks – is e-mail. About 50 per cent of companies don’t have an e-mail retention and retrieval policy, Plaseski said. Back-up tapes are no longer acceptable, he added.