Anniversaries of major events – personal and public – trigger much reflection on what has changed since the event, and 9/11 is no different. I went back to my experience in the months following 9/11 to find nuggets of information about which to write regarding how 9/11 changed the ability of organizations to respond and recover from major business disruptions. Colleagues and I conducted many advisory sessions across the U.S. regarding business continuity management (BCM), IT disaster recovery management (IT DRM) and crisis/incident management (CIM). That lasted for about nine months and then there was a profound “thud” as most private enterprises of all sizes – small, medium and large – moved on to more pressing issues. I think most of them were not ready for the commitment required to turn their IT DRM programs – which most recovery programs were at that time – to full-fledged BCM programs that encompassed IT, the workforce, customers, partners, the supply chain and so forth. The areas where we did see some focus in the first few years after 9/11 are workforce resilience and crisis management. Obviously there were the exceptions, but overall we did not see a huge rush to BCM program maturity as a result of 9/11 in the private sector.
However, we did see a major change directly related to 9/11 on the federal, state and local government side. The formation of the U.S. Department of Homeland Security in 2002 started the ball rolling. DHS/FEMA has done a very good job in maturing the readiness of federal, state, local and tribal nation emergency operations, but it has taken years for DHS/FEMA to have an impact on private sector BCM programs. The focus on improved public/private sector communications through multi-state and national-level exercises (especially for the healthcare, financial services and public utilities sectors), the introduction of Ready.gov, and the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) are three influential changes for private enterprises.
Even though 9/11 did not have an immediate impact on BCM maturity, it did set up the framework for preparedness, response and recovery improvements since for both the public and private sectors. The majority of these improvements have been a result of the confluence of three areas:
- Increasing natural and man-made disaster events such as SARS, Hurricane Katrina, the bird and swine flu threats, the London and Mumbai bombings, the Iceland volcanic ash event, earthquakes in Haiti, Chile, New Zealand and Japan, oil spills, the global financial crisis of 2008, major ice and snow storms and so forth;
- Technology innovations such as Internet broadband in the home, the real-time infrastructure, virtualization, hosting/outsourcing, smartphones and tablets, social media and cloud computing; and
- Business operating practices such as regulatory changes in response to financial fraud, telework initiatives and outsourcing non-core competencies.
Without these changes to business and IT practices, many of the improvements we see today in BCM maturity would not be possible.
We have come a long way in BCM since 9/11 and we have a longer way to go for organizations of all sizes and operating models to be prepared from even the smallest, localized threat. Gartner is committed to your success in preparedness, response and recovery activities and continues to offer clients foundational and timely research in BCM and IT-DRM through our BCM key initiative for business and IT leaders. Take our maturity self-assessment called ITScore for Business Continuity Management to jump start your journey.
View Free, Relevant Gartner Research
Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.Read Free Gartner Research
Tags: availability-risk banking bcm bcp bia business-continuity-management business-continuity-planning business-impact-analysis business-resiliency compliance contingency-planning continuity-of-operations coop crisis-management data-protection disaster-recovery emergency-notification emergency-preparedness governance h1n1 homeland-security incident-management it-disaster-recovery mass-notification operational-risk-management pandemic-planning recovery-planning resiliency risk-assessment roberta-witty social-media supply-chain-risk-management swine-flu terrorism workforce-continuity
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.