Allstate Insurance Co. is in the business of being prepared for the worst.
But in the wake of the unprecedented destruction from terrorist attacks in New York and Washington, the insurance company found itself with its Manhattan office in ruins and 95 agents without phones or network connections. Like many companies displaced by the disaster, Allstate turned to a prewritten emergency plan with an outsourcer—in its case, IBM—to get back in business.
“IBM even rented a truck in Rochester, Minn., and drove equipment to where it needed to go,” said an Allstate IT spokeswoman. “We had a process in place to get them to remote locations, and we had a LAN in a box that gives them everything they need to get into the Allstate network and get into our business environment immediately.”
As similar business continuity plans were invoked across Lower Manhattan in the wake of the terrorist assault, IT organizations less directly affected by the disaster have started to dust off their plans—if they have them—or are beginning to think about putting such plans in place.
A host of outsourcers and professional services providers are available to help, offering disaster recovery and business continuity planning services. The services companies report steady engagements helping those companies that were displaced by the terrorism and those that just want to be ready.
At Computer Sciences Corp., the Service Restoration Team spent much of last week assessing the scope of CSCs clients outages and notifying appropriate team members. Once that is done, “we schedule a meeting to develop a service restoration plan,” said Bill Bancroft, senior vice president at CSC, in Flemington, N.J. “During that process, we bring in all appropriate subject matter experts, and then we do everything we can to restore elements.”
In advance of bringing in remote team members, escalation procedures are predefined, contact information for team members is listed and available, and a set number of conference bridges are created. Other conference bridges are predefined and allow the SRT to communicate with clients and with any additional technical expert as needed.
CSC and rival Electronic Data Systems Corp. both provide disaster recovery help, ranging from locating new office space to providing supplemental staffing.
“In disasters like this one, we help relocate to new offices, get new equipment and desktops in place, get applications restored. Weve dispatched a significant number of people either to the scene or to various locations where we help through dial-in and other communication links to advise and counsel,” said Rebecca Whitener, director of security privacy services at EDS, in Charlotte, N.C.
Having priorities already defined, roles and responsibilities preassigned, knowing what facilities are in place, and identifying key applications to be restored can save time and money. “The better the plan, the less cost to execute it,” Whitener said.
“You dont have to spend a lot of money to have good procedures in place,” said Gary Bronson, enterprise operations manager at Washington Group International Inc. and an eWeek Corporate Partner. But the amount of money spent is in direct proportion to the amount of downtime business managers are willing to sustain.
“If I had a catastrophic problem, where my data center just blew up, how long would it take me to rebuild? If it could all happen in 48 hours, that would be very impressive,” said Bronson, based in Boise, Idaho. “Right now, it would take up to a week. We have to improve on that, but its got to be funded by the business. Its the responsibility of IT to say, Heres the cost for getting us up and running in three days, and heres the cost for getting us up and running in a week.”
How quickly infrastructure and mission-critical applications are restored depends on several factors. EDS goal in its service is to restore critical applications within 36 to 48 hours.
Unisys Corp., which offers similar services, was able to restore the trading floor infrastructure for one of its financial services clients overnight, according to officials at the Blue Bell, Pa., company. “We configured a 150-person trading floor overnight in New Jersey. We had to configure the PCs and set them up on the network. Its ready to go when the traders arrive,” said Unisys spokesman Brian Daly.
Gartner Inc. estimates that 60 percent of U.S. companies are underprepared for disasters, according to a report published last month by the Stamford, Conn., research and consulting company.
IBMs Business Continuity and Recovery Services unit last week had as many as 130 customers like Allstate lined up to get help restoring critical systems and applications, as the number of calls increased throughout the week. IBM created a central call point for all of its resources to help customers recover. “Were making all the labs, the research organizations, product divisions, inventory waiting to go somewhere and … the finance organizations inventory-in-transit available,” said Todd Gordon, general manager of the unit, in Somers, N.Y.
The disaster created a need for 7 million square feet of office space. IBM responded by opening up its excess square footage in New York, New Jersey and Connecticut to customers, providing desktops and connectivity in those locations, Gordon said.
There is a difference between business continuity plans and disaster recovery plans. “A business continuity plan involves taking time upfront to understand what the critical processes, applications and services are,” said Tom Carroll, global director of business continuity services at CSC, in El Segundo, Calif.