Business continuity sites
In terms of business continuity sites, the most common discussion centers around the distance of a primary site from an alternate location.
Some practitioners believe that the primary and alternate business continuity sites should be within 20-30 miles in order to minimize employee travel, decrease communication costs, and ensure minimal recovery time for both business processes and information technology assets.
Others have taken the opposite viewpoint, arguing that regional disasters have caused widespread business interruptions that have affected an organization’s primary and alternate business continuity sites simultaneously.
Documented examples include the ice storms in Kansas City in 2001 and Quebec in 2000, as well as the terrorist attacks in New York City. Based solely on the experience in New York, the SEC, Federal Reserve and the OCC teamed to issue new regulations focused on 9/11 lessons learned one of which was geographic separation. Here is an excerpt from this white paper:
The systemic effects highlighted several important vulnerabilities that may not have been widely appreciated prior to September 11. First, it was clear that business continuity planning had not fully taken into account the potential for wide-area disasters and for major loss or inaccessibility of critical staff.
Contingency planning at many institutions generally focused on problems with a single building or system. Some firms arranged for their backup facilities to be in nearby buildings on the assumption that, for example, a fire might incapacitate or destroy a single facility.
Very few planned for an emergency disrupting an entire business district, city or region. As a result, some firms lost access to both their primary and backup facilities in the aftermath of the September 11 events, severely disrupting their operations. Institutions also generally had not considered the possibility that transportation of personnel could be significantly disrupted and preclude the relocation of staff to alternate business continuity sites.
Based on this experience, the white paper initially mandated a geographic separation (greater than 170 miles) for critical components of the U.S. financial system:
In light of the September 11 experience, most now believe that the financial services industry must consider how to achieve greater geographic diversity of operations in order to withstand events of greater geographic scope than previously considered.
Many now see the need to plan for extended periods of inaccessibility of more than one operating business continuity site within the same area. City-wide disruptions may be the minimum benchmark for planning purposes going forward, and the ability to withstand disruption of an entire metropolitan area or region also is being considered by some organizations.
However, the final version struck the distance mandate, citing:
The agencies do not believe it is necessary or appropriate to prescribe specific mileage requirements for geographically dispersed backup sites. It is important for firms to retain flexibility in considering various approaches to establishing backup arrangements that could be effective given a firm’s particular risk profile.
However, long-standing principles of business continuity planning suggest that backup arrangements should be as far away from the primary site as necessary to avoid being subject to the same set of risks as the primary location.
Backup sites should not rely on the same infrastructure components (e.g., transportation, telecommunications, water supply and electric power) used by the primary business continuity site. Moreover, the operation of such sites should not be impaired by a wide-scale evacuation at or the inaccessibility of staff that service the primary business continuity site.
The effectiveness of backup arrangements in recovering from a wide-scale disruption should be confirmed through testing.
For larger organizations that are wrestling with the idea of where to place alternate workspace or data centers, below is a breakdown of the advantages of a nearby location compared to some of the continuity-related risks that this strategy may introduce.
• Employees will incur minimal additional travel time following business interruptions; additional company travel costs will be minimal as well.
• Employees will be better positioned to handle both family and work considerations following a disaster given minimaladditional time away from home.
• Regular, full-time employees can still work at a nearby location following the interruption.
• Mass transportation may be affected in such a way as to prohibit employees from traveling to distant alternate sites (depends on geography and home location of employees); hence, nearby recovery locations may be preferable.
• Communication costs associated with data replication due to short distance will be minimal.
• Some technology and communication assets will be unable to perform in a high availability manner beyond short distances.
• Local business suppliers may have an easier time routing their shipments to a closer location rather than one farther away.
• Temporary employees may be required at a distant location (unless operations are already dispersed).
• Naturally occurring threats (e.g., fires, floods, high winds and ice) could affect all facilities in a given region.
• Man-made threat scenarios could affect both primary and alternate facilities (e.g., terrorism, toxic chemical spills, etc.).
• Quarantine or ‘no-go’ areas may affect both the primary and alternate facilities.
• Mass transportation may be affected in such a way as to prohibit employees from traveling to local alternate sites (depends on geography and home location of employees).
• Utility failure (i.e., electricity, natural gas, water and telecommunications) could affect both the primary and alternatefacilities.
• Mass illness or other health-related risks could affect a significant number of employees in a given region (bio-terrorism or naturally occurring illness).
• Supply-chain interruptions (to include vendors supplying recovery resources) caused by regional transportation issuescould affect both locations.
Many of these advantages may be present for geographically dispersed recovery solutions if employees are dispersed to both locations.
Business continuity sites should be carefully selected