Planning for the worst

Information Management Journal, May/Jun 2003

At 5:00 p.m. on Thursday, March 27, one of several tornadoes that touched down in the Miami area hit an Archive America facility. The facility, which is staffed 24 hours a day, 7 days a week, 365 days a year, sustained some damage to its roof, related vehicles, and power lines.

Fortunately, no one was injured, disaster recovery teams were deployed quickly, and a company spokesperson reported that 100 percent of the records affected were recoverable.

Would your organization be as lucky? The fact is, it is not a matter of if a disaster or emergency will hit your organization, but of when. Are you prepared?

Last year, Gartner analysts reported that less than 25 percent of Global Fortune 2000 businesses have invested in comprehensive business continuity planning. In a 2002 study, the research group found that only 35 percent of small and midsize businesses have a comprehensive disaster recovery plan in place and fewer than 10 percent have implemented crisis management, contingency, business recovery and business resumption plans. According to survey results released by Gartner's Executive Programs and the Society for Information Management, "most companies are unprepared for terrorist attacks or natural disasters and would be unable to quickly and smoothly execute basic business continuity measures." If you can count your organization among this group, these statistics should shock and frighten you.

In this issue of The Information Management Journal, we emphasize the critical importance of disaster planning and business continuity plans. As many organizations that have experienced a flood, fire, theft, or even terrorist attack can tell you, having a comprehensive, effective, and well-tested disaster or business continuity plan in place may mean the difference between your business functioning as usual and not functioning at all.

In "Prepared or Not ... That Is the Vital Question," Barb Rike, CRM, offers guidance on creating a disaster plan for your organization and its records and information. Jean Barr, CRM, recounts in a case study how the law firm Sidley Austin Brown & Wood was able to recover from a direct hit at the World Trade Center on September 11, 2001, with its employees and vital records intact.

Today, risk management encompasses more than just disasters and emergencies. Disaster planning and business continuity plans also must take corporate ethics into account. J. Edwin Dietel's article, "Recordkeeping Integrity: Assessing Records Content After Enron," explains that while records' form and format are important, the quality of content is taking center stage. Because of Enron and the Sarbanes-Oxley Act of 2002, Dietel writes, records managers need to become even more aware of valuing their primary subject matter - the information content of their corporate records.

Shanna Groves' article, "The Unlikely Heroes of Cyber Security," addresses issues that many RIM professionals are just beginning to recognize as major threats: computer viruses, privacy breaches, and other cyber hazards that can devastate an organization's vital information. According to the Computer Security Institute's 2002 Computer Crime and Security Survey, 90 percent of respondents had detected computer security breaches within the previous year, and 80 percent reported financial losses because of them. If your organization has not yet taken a close look at protecting its information assets from probable cyber attacks, it should do so right away.

Whether from a natural disaster or an unimaginable event such as a terrorist attack or a cyber attack, your organization's records and competitive intelligence are at risk each and every day. If you don't have a proven, comprehensive, and effective disaster and business continuity plan already in place, doing so now may mean the difference between your organization's survival and failure in the future. Don't become a statistic.