3.6 External Emergency Services 129
Chapter 3
responsible for all liaison activities between the agency’s recovery coordina-
tors and other team leaders.
3.5.8.2 Team Members
The skills and abilities of the combined team members must cover a wide
range of responsibilities, many of which are dictated by the business func-
tion(s). Ideally, team members are supervisors who can effectively invoke a
business unit’s recovery process in the event of a disaster. Team members are
responsible for researching their respective parts of the plan and for meeting
deadlines. It is recommended that one team member serve as a scribe to cre-
ate the plan documentation. If the plan is executed, the scribe maintains a
log of recovery activities and expenses. Also, one team member should be
responsible for maintaining any offsite storage.
3.6 External Emergency Services
Your DRP and BCP will rely principally on key members of management
and staff, who will provide the technical and management skills necessary
to achieve a smooth business recovery process. These handpicked, key
members of management or staff are responsible for the implementation
of the BCP in the event of an emergency. However, in the case of most
disasters, your employees and staff will need to rely on the help of outside
agencies for fire, police, and medical assistance. The September 11, 2001
attack on the World Trade Center in New York City tested the contin-
gency plans of American businesses and NYC emergency services to an
unanticipated degree.
Companies that had business continuity plans and contracts in place
with vendors of recovery services were able to continue business at alternate
sites with minimum downtime and minimum loss of data, and the alternate
facilities provided by the vendors were not overcrowded even in this largest
of disasters. Unfortunately, the massive loss of life and its dramatic impact
on coworkers, business processes, and communities was not anticipated.
After the events of September 11, 2001, organizations throughout the
world started to return to business as usual. They undertook the very neces-
sary review and revision of their business continuity plans and contracts. In
the aftermath of events like natural disasters, terrorism, and equipment
breakdown, businesses have recognized more than ever the need for an
organization to be prepared. Companies are striving to meet the demand
for continuous service. With the growth of ecommerce and other factors
130 3.6 External Emergency Services
driving system availability expectations toward a 24×7×365 standard, the
average organization’s requirement for recovery time from a major system
outage now ranges between two and twenty-four hours. This requirement is
pushed by the expectations an organization faces on all sides:
Customers expect supplies and services to continue—or to resume
rapidly—in all situations.
Shareholders expect management control to remain operational
through any crisis.
Employees expect both their lives and livelihoods to be protected.
Suppliers expect their revenue streams to continue.
Regulatory agencies expect their requirements to be met, regardless of
circumstances.
Insurance companies expect due care to be exercised.
Business survival necessitates planning for every type of business disrup-
tion, including the following:
Natural disasters
Hardware and communications failures
Internal or external sabotage or acts of terrorism
The failures of supply chain and sales affiliates
While such disruptions cannot be predicted, they can wreak havoc upon
the business, with results ranging from insured losses of replaceable tangi-
bles, to uninsurable capital losses, to customer dissatisfaction and possible
desertion, to complete insolvency. Some business disruptions, such as a hur-
ricane, may give advance warning. Others, such as terrorism, flash floods,
fire, and so forth, can strike without notice. In nearly every event, it is nec-
essary to have contact information for all external services readily available
to the recovery team members and posted throughout the organization so
the people who survive such catastrophes can easily find the information
they need. Remember, in many instances, people left on the ground after a
disaster are in shock and may not be thinking clearly. An emergency contact
list, such as the one shown in Figure 3.1, is essential.
Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
