In order to have multiple Gartner analysts blog on the topics of BCM and IT DRM, all further postings will be on the Gartner Business Continuity Management Blog
Category: Uncategorized Tags:
Roberta J. Witty
Research VP
11 years at Gartner
33 years IT industry
Redirecting Future Blog Posts to the Gartner Business Continuity Management Blog
by Roberta J. Witty | August 30, 2010 | 1 Comment
What Actions Are Your Firm Taking in Reaction to the Air Travel Shutdown in Europe?
by Roberta J. Witty | April 16, 2010 | 6 Comments
The volcano eruption in Iceland that is currently spewing volcanic ash into the atmosphere is now shutting down air travel across Europe. Business travel is greatly disrupted in a number of areas: meetings, conferences, sales calls and so forth are being put on hold or cancelled altogether.
What is your organization doing to assess the impact? Are you tracking your traveling workforce and helping them find alternate travel arrangements? And making alternate business operations plans such as having non-impacted staff step in to take the lead? Do you even have a workforce continuity management program in place? (Gartner clients can read my research notes on the topic: Workforce Continuity Defined and Workforce Continuity: Best Practices for Workforce Management.)
Of even greater impact is the supply chain – critical goods may not be able to arrive when needed by the customer due to the cancellation of flights. Are you assessing your supply chain and determining the impact on meeting contractual obligations? Given that this a force majeure event, your business insurance coverage won’t apply most likely.
And what would happen in the US if something of this magnitude happened? The US doesn’t have the extensive ground transportation network that Europe does – at least for passenger travel. US firms would be impacted to an even larger extent most likely.
How many of you are looking to expand your remote work programs? How much of your business operations can be managed remotely? Ata minimum, senior executives not able to return to the office should be equipped with remote work capability such as PDAs and wireless Internet access for remote system access into your firm’s VPN. The Prime Minister of Norway is doing just that - Norway Prime Minister governs with the iPad. (Gartner clients can read our research notes on telecommuting and remote access: Gartner’s Telework Action Plan is Key to Successful Implementations and Critical Questions to Ask Your VPN Provider About Rapid Licenses Capability.)
Category: BCM and IT DRM Research Coverage Tags: Availability Risk, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, Crisis Management, Disaster Recovery, Incident Management, IT Disaster Recovery, Mass Notification, Recovery Planning, Workforce Continuity
Closing the Recovery Gap (from John Morency)
by Roberta J. Witty | February 22, 2010 | 1 Comment
John Morency here again. For many organizations, simply completing the recovery of a set of mission-critical applications and data over the course of a test exercise is sufficient for declaring success. The elapsed time consumed for recovery completion, if measured at all, is often a secondary consideration. However, this definition of success is often at odds with the expectations of the business, which requires increasingly shorter and more predictable recovery times. Gartner refers to this difference between the expected and the actual as the recovery gap.
A mistaken impression is that the use of disk-to-disk replication instead of disk-to-tape for production data will be sufficient by itself for closing the gap. While the use of disk-to-disk replication is certainly necessary, especially as the amount of production data to be tested is measured on the order of terabytes, it is by no means sufficient. The timely recovery and restart of web applications, which are often distributed across several different types of computing platforms and have increasingly complex software and data dependencies resulting from this distribution, can often represent an even more significant test execution hurdle. This challenge becomes even more daunting for web services-based applications, whose execution dependencies are dynamically determined on a transaction-by-transaction basis.
Unfortunately, there are no simple solutions for this problem. However, Gartner has seen that an increasing number of client organizations are putting more of their recovery test focus on ensuring recovery test completion time consistency with stated RTO and RPO targets for a more limited set of mission critical applications, typically some or all of those that constitute Recovery Tier 1. Depending upon the steps required to close these recovery gaps, there may be related technology, test process and/or staffing changes that need to be made.
However, prior to making any changes, a rigorous critical path analysis of the test process may be required in order to accurately determine where the bottlenecks do or do not exist. Although there are an increasing number of recovery management software products that support this analysis, it can often be the case that the use of a well-known software tool such as Microsoft Project may be all that is required, at least to support a first pass analysis.
If your recovery team is facing the challenge of closing one or more recovery gaps, Gartner believes that it is in the best interest of the business to clearly communicate the existence of these gaps, along with a recommended approach for closing some or all of them over a specifically defined period of time. In these challenging economic times, the recovery team cannot be all things to all people, so it is in the team’s best interests to define, communicate, exercise and evolve an approach that is practical, achievable and sustainable.
Category: BCM and IT DRM Research Coverage Tags:
Pandemic Preparedness Planning: Is it Time to Stop?
by Roberta J. Witty | February 12, 2010 | Comments Off
Many people are asking the question: Why did we make such a big deal around the H1N1 pandemic – nothing much has happened? And now, the WHO is going to convene a team to determine if they can downgrade its importance. I think we all agree that it is a good thing if the H1N1 virus is waning – for this flu season anyway. And that’s the point – “for this season”: Organizations can’t take their eye off the preparedness planning ball for future potential pandemics. And don’t you think we’ve raised the bar as far as standard practices are concerned regarding personal and facility hygiene? Do you really think that cleaning services will stop wiping down the elevator push keys? I don’t.
Let me know what you think and some of the challenges that your organization had in trying to plan for the 2009-2010 H1N1 pandemic? Who pushed back on your efforts? I’ve heard anecdotally that human resources and legal departments did most of the pushback. Did you crisis communications programs mature because of the planning?
Comments Off
Category: BCM and IT DRM Research Coverage Tags:
Recovery in the Cloud : How Soon? (from John Morency)
by Roberta J. Witty | February 8, 2010 | 4 Comments
The delivery of cloud services for IT operations backup, recovery and restart is a potentially significant market opportunity for a whole new generation of providers, in addition to the more established players such as HP, IBM and SunGard Availability Services. This is evidenced in the significant increase in the related client inquiry volume that we have been seeing along with the results from the polling conducted in several recent Gartner Data Center Summit sessions.
As a result, cloud-related research was a major topic during our most recent set of recovery and continuity content planning meetings for 2010. One particularly hot topic was the extent to which cloud services could become a one-stop solution for midsized business that are already stretching their in-house IT resources to the maximum.
Today, the recovery and continuity management approach of choice for many of these businesses is little more than the use of managed backup services. Coincidentally, this aligns very well with storage cloud providers’ sweet spots.
However, backed-up data is of little use if it cannot be restored. Compatible server and storage equipment, as well as a supporting data center, are also needed. This is one of the main reasons why so many small and mid-sized organizations feel that they are unprepared to fully recover. For this and other related reasons, recovery-in-the- cloud services that support managed backup, restoration, testing and operations failover can become one of the future bright spots in what is otherwise a largely dormant industry. One key reason is the “always-on” nature of the cloud, making both recovery and failover testing far more flexible and actionable than is currently the case with more traditional shared subscription services. However, this service segment is extremely nascent and unfortunately its potential benefits are currently shrouded by far more questions than concrete answers at this point.
Would this class of cloud service be of interest to your organization? If so, what service functionality, price points and provider maturity would be needed in order to get your attention?
Category: BCM and IT DRM Research Coverage Tags: Availability Risk, BCM, BCP, Business Continuity Management, Disaster Recovery, IT Disaster Recovery, Recovery Planning
How does social media help or hinder recovery efforts?
by Roberta J. Witty | January 20, 2010 | 3 Comments
Social media can be a great boon during a crisis for personal purposes. Just today I heard of a Haitian teenager who sent a text message to her aunt (I believe in the US) saying that she was alive but without a home. This text message could save her life as support organizations were notified and started to take action in finding the girl.
But does social media help or hurt private enterprises and governments and their partners during a crisis? On the positive side, you get direct input from many quarters – those directly involved in the event and those not. On the negative side, you have no way of validating the information sent on social media forums and some posts may actually harm the enterprise or hinder rescue efforts –panic can ensue based on false information, or comments may wrongly harm the reputation of the enterprise.
As many of my colleagues have stated: social media is here to stay – enterprises need to get over it and start embracing it their operations. But how does one do that during a crisis? One immediate action that enterprises need to do is set up a social media monitoring program as part of a BCM program. False or inaccurate comments can be immediately refuted so that problems are not created. Another action is to make social media forums an endpoint in your emergency notification process – not only send crisis communiqués by voice message, email and text, but post these messages to enterprise-sanctioned social media forums.
How is your organization embracing social media in the BCM program? What are examples of how your organization has been successful in doing so?
Category: BCM and IT DRM Research Coverage Tags: Availability Risk, BCM, Business Continuity Management, Business Continuity Planning, Business Resiliency, Continuity of Operations, Crisis Management, Disaster Recovery, Emergency Notification, Emergency Preparedness, Incident Management, Operational Risk Management, Recovery Planning, Resiliency, Risk Assessment
Why BC and Supply Chain Managers Must Follow the Price of Oil
by Roberta J. Witty | January 13, 2010 | 1 Comment
As much as you might not want to believe it, or know what to do about it, the price of oil is intricately involved in how our global economy works. Everything we do – outside of isolated civilizations – is dependent on oil, from getting to work every day, to shipping raw materials and finished goods, to running the factories and office buildings that provide us our livelihood. Our current business models have been built upon the notion of cheap oil, and few companies are thinking about what happens when oil is no longer cheap – which well might occur in our lifetimes.
Many independent energy experts say that alternative energy and new scientific discoveries for turning shale, waste water, biomass etc. into the amount of energy we need to run our current lives is magical thinking. We don’t have the alternative energy generation infrastructure already in place to run our economy at current levels. And, we can’t possibly have it in place in the timeframe and at the supply levels needed because it takes oil to develop and maintain those systems. What runs the backhoe to dig the wind turbine site foundation, the trucks, trains and airplanes to get solar panels to the site, the furnaces to keep the factory heated during winter, the power systems that provide electricity to run those factories and so forth? OIL!
According to the experts, we are close to, or even past, the midpoint of how much oil we can safely and economically extract from the ground. Therefore, oil shortages, and price spikes, are in our future. As a result, there are social and political implications, not to mention nation state implications – China will be a huge consumer of oil to run their expanding economy and can easily run up the price of oil and make it out of reach for poorer nations. The cheap oil business model is not sustainable in the long run. Strategically, businesses must become less dependent upon the global supply chain.
In order to become less dependent on a supplier half way around the globe, supply chain managers must redesign the product fabrication and logistics processes to include local suppliers. In doing so, you help the economy in the process by creating jobs at home and stopping the blight of small towns. Large, big box retailers must start buying/leasing local, existing real estate and put in place mini stores instead of building brand new massive buildings. The franchise model could then be used to further ignite the local economy. Yes – we will be paying more for goods in a local supply chain business model.
BC managers must be aware of the added risk of a local supply chain: local suppliers are likely to experience the same regional disaster as you do, making it harder for the business to continue during such a crisis. Therefore, businesses need to:
1. Include the supply chain in the development of recovery time frames.
2. Brush off your business resumption plans – the manual and non-technical workaround procedures – that allow some part of the business process to continue when a business interruption occurs.
If you don’t start addressing the oil price issue now, you could risk going out of business in the near future.
Are you following the price of oil as part of your BCM program? If not, why not?
Category: BCM and IT DRM Research Coverage Tags: Availability Risk, BCM, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Disaster Recovery, Operational Risk Management, Recovery Planning, Resiliency, Risk Assessment, Workforce Continuity
Have You Had Your Swine Flu Tonic Today?
by Roberta J. Witty | January 12, 2010 | Comments Off
My local ACP meeting had a great program today – Don Byrne from North River Solutions provided an update on the PS-Prep program, the differences between the three proposed standards – NFPA 1600-2007, ASIS SPC.1-2009 and BS 25999 and all the machinations of getting a program through the ANAB accreditation process.
I ALSO had the pleasure of trying a new refreshment: Swine Flu Tonic from Avery Soda in New Britain, CT – www.averysoda.com. It’s a hoot!! The label says “I Survived Swine ’09″. A very flavorful lemon and ginger concoction that doesn’t provide any medicinal value (says so right on the label); rather it does provide some levity on a topic that continues to get some bad press and resignation – JUST because many of us followed all the rules put out by the CDC, Gartner and others.
Don’t you find it interesting that when an event turns out to be a bust, no one thinks it’s because we took as much action as we could to mitigate the risk?
Comments Off
Category: BCM and IT DRM Research Coverage Tags: Availability Risk, BCM, Business Continuity Management, Business Continuity Planning, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Emergency Preparedness, Pandemic Planning, Recovery Planning, Resiliency
BCM Planning Tools and The EMC/Archer Acquisition
by Roberta J. Witty | January 6, 2010 | 1 Comment
Happy 2010! Personally, I’d like a do-over for the last six months of 2009 – ironic, but I might have had H1N1, but most folks would prefer a do-over starting mid-2008. Life goes on and WOW! – has 2010 started with some big acquisition news. Not only has Gartner made a few acquisitions (AMR Research and the Burton Group), but EMC just announced their acquisition of Archer Technologies. For many BCM professionals, you might not know that Archer has a BCM planning module. But they do and it’s integrated with their other GRC and IT security modules, making it one of the few operational risk tool suites that cover BCM. FYI – we define a BCM planning tool as one that has capability to conduct an availability risk assessment and business impact analysis (BIA) as well as provide recovery plan development and management, including all the necessary database components such as business and IT interdependency mapping, asset inventory, human resource inventory and so forth.
In 2010, my colleague Tom Scholtz and I will be publishing an analysis of the BCM planning tool market – covering many of the pure play vendors as well as operational risk tools that include BCM planning.
We’d like to know what you think – are there advantages in going with a suite versus a pure play BCM planning tool? What is your preference and why?
Category: BCM and IT DRM Research Coverage Tags:
How Are You Deciding When to Invoke Pandemic Plans?
by Roberta J. Witty | October 30, 2009 | Comments Off
I am doing some research regarding when an organization should invoke their pandemic preparedness plan(s) from a business operations perspective. I’m not talking about the personal hygiene/medical aspects, but the business operations impact view. Tell me how your firm is handling the issues expressed in the questions below.
1. How do you determine when to invoke pandemic preparedness plans such as workforce isolation and social distancing? Is it by absenteeism rate? Some other data point? If absenteeism rate, are you monitoring the change between the normal rate of say 5-7% and the pandemic influenced rate?
2. How are you invoking your plans – by enterprise, by location, by department? Are you conferring with your pandemic crisis management team in doing so?
3. How do you determine when you will issue a stand down order?
Comments Off
Category: BCM and IT DRM Research Coverage Tags: Availability Risk, Backup and Recovery, BCM, BCP, BIA, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Crisis Management, Data Protection, Disaster Recovery, Emergency Notification, Emergency Preparedness, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, Pandemic Planning, Recovery Planning, Recovery Plans, Resiliency, Risk Assessment, Workforce Continuity
