In case of emergency, activate business continuity plan

Gemstar-TV Guide International hired Ed Sullivan to direct Business Continuity Services in 2003, soon after an audit found that TV Guide’s infrastructure was essentially unrecoverable in the event of a sustained crisis. There was a time when Sullivan’s first stop for addressing the issue would have been IT and the datacenter. But times have changed -- Sullivan first conducted several weeks of meetings with senior executives and various business unit executives to talk about the company’s business processes. “The fact that I work for the CIO is almost irrelevant,” Sullivan says. “I’m there to provide recovery for the business units.”

Assessing potential impact to the business before crafting a business continuity plan is not new, but the trend is picking up steam as technology becomes more tightly bound up with ongoing operations and overall success. “Take just-in-time inventory,” says Jim Grogan, vice president of consulting product development at SunGard Availability Services. “It would not be possible without the technology to enable it. But it’s a business decision to manage operations differently, and its success means literally billions reinvested in the business.”

Another reason to start with a business-impact analysis is that technology underpinnings are not as clear-cut as they once were. “We used to think that if we brought up the datacenter after a disaster, we’d be OK,” says Fred Dillman, CTO of Unisys. “But with servers all over the world and laptops, desktops, and other devices playing such an important role, bringing up a datacenter is no longer enough, and it’s simply not feasible to bring up everything. You have to know which business processes and their underlying technologies are critical to your goals.”

Hidden dependencies are becoming more common. “Often, the application that was deployed two years ago with ‘Yeah, let’s give this a try,’ is now silently driving 15 percent of revenue,” SunGard’s Grogan says.

Click for larger view.

Recent regulations such as Sarbanes-Oxley, as well as natural and man-made hazards now firmly rooted in reality, have made analyzing the business risks of technology failures and disasters critical. “Before Katrina, few companies had given much thought to what would happen if an entire city was out of commission,” says Michael Porier, director of Protiviti’s technology risk practice.

The risks to revenue and market capitalization are higher than ever. “Today you need to prevent an outage because if you get a customer service black eye, you’ll pay a price on Wall Street,” Grogan says.