Three CIOs discuss how a successful business continuity plan requires prioritization, awareness and testing Three CIOs discuss how a successful business continuity plan requires prioritization, awareness and testing Prioritize What You Protect Michael Rosello, SVP & CIO, Alliance Data: To really assess the effectiveness of a business continuity and disaster recovery plan, you’d need to invoke it, but you’d never want to do that. We’ve spent a lot of time over the past five years crafting every aspect of our plan–from making the process, methodology and technology investments that support business continuity to testing it in mock exercises. As a mid-market company, we have established many partnerships, and our partners have their own business continuity and disaster recovery processes, so we are continually revamping our plans to work with theirs. Our partners are just as critical to our continuity processes as our own business units. Ultimately, a plan is only as good as all the people who go along with it. We conduct a business impact analysis on our environment to prioritize the most critical components and test those. When you work with multibillion-dollar enterprises that have lots of moving parts spread over the country, you can’t test everything. Even though we do quarterly tests and feel as an organization that we have accounted for everything, there is always going to be a level of uncertainty. The only way to know you are prepared is to go through an actual disaster. Raise Awareness and Manage Expectations Scott Carl, CIO, Parsons: Our engineering and construction business focuses on what we call business resiliency services. With the types of infrastructure projects we design and build, climate change will affect our customer assets. Some failures will result from a catastrophic event like Hurricane Sandy, and others will be caused by wear and tear due to chronic adverse weather conditions. Our objective is to incorporate resiliency into the assets that we design, build and operate for our customers. We maintain data in the field as well as in our data centers, and we do a lot of engineering and CAD work with customers through joint ventures. Our business continuity efforts support those services so that we can recover and continue to work on projects just as we can with our enterprise services. Our external customer focus informs what we do for our internal IT services. We work directly with the business on recovery expectations, as some areas are more critical than others and require faster recovery. Emphasizing awareness and education with business leadership is essential. We established a business continuity governance team with representatives from all of our business units and corporate leadership ranks. Through regular meetings, we plan business continuity efforts that factor in the safety of our personnel and the continuity of IT and business services. Don’t Make Business Continuity a One-Time Event Darren Dworkin, CIO & SVP of Enterprise Information Systems, Cedars-Sinai Medical Center: We are rapidly moving toward electronic systems, and a particular challenge for us as a 24/7 healthcare facility is not unplanned downtime so much as planned downtimes to perform upgrades and to do routine maintenance. We very rarely have the luxury of turning systems off the way that some other industries do; it’s just not the nature of our work. At the core of our IT operations are redundant systems that function both as fail-safe backups in case something goes wrong and as full working versions of production systems. By leveraging these copies, we can give ourselves maintenance windows. The key is to not approach business continuity as a dreaded one-time, unplanned event. We weave business continuity into our planning by using our backup systems as often as we can. Very recently, we upgraded one of our core systems, and rather than present our users with downtime, we performed a planned failover to our backup and disaster recovery platform so our users could continue to operate while we upgraded the primary nodes. This is really what business continuity is about–integrating business continuity plans into our operations so that we are not relying on them solely when we need them. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe