How CIOs Prepare for the Worst
Three CIOs discuss how a successful business continuity plan requires prioritization, awareness and testing
Mon, February 24, 2014
CIO — Three CIOs discuss how a successful business continuity plan requires prioritization, awareness and testing
Prioritize What You Protect
Michael Rosello, SVP & CIO, Alliance Data: To really assess the effectiveness of a business continuity and disaster recovery plan, you'd need to invoke it, but you'd never want to do that. We've spent a lot of time over the past five years crafting every aspect of our plan--from making the process, methodology and technology investments that support business continuity to testing it in mock exercises.
As a mid-market company, we have established many partnerships, and our partners have their own business continuity and disaster recovery processes, so we are continually revamping our plans to work with theirs. Our partners are just as critical to our continuity processes as our own business units. Ultimately, a plan is only as good as all the people who go along with it.
We conduct a business impact analysis on our environment to prioritize the most critical components and test those. When you work with multibillion-dollar enterprises that have lots of moving parts spread over the country, you can't test everything.
Even though we do quarterly tests and feel as an organization that we have accounted for everything, there is always going to be a level of uncertainty. The only way to know you are prepared is to go through an actual disaster.
Raise Awareness and Manage Expectations
Scott Carl, CIO, Parsons: Our engineering and construction business focuses on what we call business resiliency services. With the types of infrastructure projects we design and build, climate change will affect our customer assets.
Some failures will result from a catastrophic event like Hurricane Sandy, and others will be caused by wear and tear due to chronic adverse weather conditions. Our objective is to incorporate resiliency into the assets that we design, build and operate for our customers.
We maintain data in the field as well as in our data centers, and we do a lot of engineering and CAD work with customers through joint ventures. Our business continuity efforts support those services so that we can recover and continue to work on projects just as we can with our enterprise services.
Our external customer focus informs what we do for our internal IT services. We work directly with the business on recovery expectations, as some areas are more critical than others and require faster recovery.
Emphasizing awareness and education with business leadership is essential. We established a business continuity governance team with representatives from all of our business units and corporate leadership ranks. Through regular meetings, we plan business continuity efforts that factor in the safety of our personnel and the continuity of IT and business services.