An amazing variety of disasters can beset an organization’s business operations. They fall into two main categories: natural and man-made.
After reading this section, you should no longer be skeptical about the need for Business Continuity Planning and Disaster Recovery Planning.
In many cases, formal methodologies are used to predict the likelihood of a particular disaster. For example, 50-year flood plain is a term that you’ve probably heard that’s used to describe the maximum physical limits of a river flood that’s likely to occur in a 50-year period. The likelihood of each of these disasters depends greatly upon local and regional geography:
Fires and explosions
Hazardous materials spills
Earthquakes
Storms (snow, ice, hail, prolonged rain, wind)
Floods
Hurricanes, typhoons, and cyclones
Volcanoes and lava flows
Tornadoes
Landslides
Avalanches
Tsunamis
Pandemics
Many of these occurrences may have secondary effects, and often it’s these secondary effects that disrupt business operations, sometimes in a wider area than the initial disaster (for instance, a landslide in a rural area can topple power transmission lines that results in a citywide blackout). Some of these ramifications are
Utility outages: Electric power, natural gas, water, and so on
Communications outages: Telephone, cable, wireless, TV, and radio
Transportation outages: Road, airport, train, and port closures
Evacuations/unavailability of personnel: From both home and work locations
The terrorist attacks in New York, Washington, D.C., and Pennsylvania - and the subsequent collapse of the World Trade Center buildings - had Disaster Recovery Planning and Business Continuity Planning officials all over the world scrambling to update their plans.
The attacks redefined the limits of extreme, deliberate acts of destruction. Previously, the most heinous attacks imaginable were more on the scale of large-scale bombings such as the 1993 attack on the World Trade Center or the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City.
The collapse of the World Trade Center resulted in the loss of life of 40 percent of the employees of the Sandler O’Neill & Partners investment bank. Bond broker Cantor Fitzgerald lost 658 employees in the attack - nearly their entire workforce. The sudden loss of a large number of employees had never been figured into BCP and DRP plans before. The previously unheard-of scenario, “What do we do if significant numbers of employees are suddenly lost?” had to be figured into contingency and recovery plans.
In traditional BCP and DRP plans, there were nearly always plenty of insiders around to keep the business rolling; they might be delayed by weather or other events, but eventually they’d be back to continue running the business. The attacks on 9-11 changed all that forever.
If natural disasters weren’t enough, several other things can disrupt business operations, all as a result of deliberate acts.
War and terrorism: Bombings, sabotage, and other destructive acts
Cyber attacks: DOS, malware, and similar acts
Civil disturbances: Riots, demonstrations, strikes, sickouts, and other events