|
Is Your Facility Ready for the Year 2000? A Fortune 100 company, having completed all Y2K remediation activities, was recently conducting a test at its "state of the art" facility. Suddenly a failure rendered all systems inoperable. After many hours of searching, the problem was found. A single PC in the control room had failed and brought down all systems in the entire building. This left the facility with no access to general infrastructure requirements, including security. The problem was an isolated incident that occurred on a weekend and therefore had minimal effect to the organization. Had the outage been during business hours, or if there had been multiple failures, there would have been severe consequences. Had this organization not met their target dates and failed to "test" their critical systems, it is possible that a single facility failure could have resulted in the organization’s inability to effectively service an entire country. Failure in any of the embedded systems has the potential of rendering a facility uninhabitable or significantly disrupting normal business operations. In an effort to minimize the effects of a year 2000 disruption, a Facility Business Continuity Plan (BCP) should be developed with objectives to: • Safeguard vital corporate assets The plan should be developed to recover, to "work-around" equipment and/or system failures, or to relocate to another facility. "At risk" equipment and systems should be identified and assessed by risk level (severe, major, or minor). The equipment and systems with the greatest importance to the organization should be prioritized. In the event equipment or systems failure disrupts operations, the BCP action plan will provide a process that will enable safe and effective recovery. Facility Business Continuity Plan The following action items should be in the BCP: Conduct a Risk Assessment Develop and Document a Recovery Team • Define Roles and Responsibilities--assign employees to specific roles on the recovery team. It is also necessary to assign an employee or multiple employees to maintain and update the BCP. • Determine Reporting Structure--develop notification and escalation procedures to implement a hierarchical structure with decision-makers. Determine Mitigation Activities Look for obvious problems and consider solutions to minimize the impact of the failure. Focus on those items identified and inventoried as having embedded computer chips. All Y2K teams will have an extensive applications inventory and more than likely a comprehensive inventory of hardware equipment. All of the equipment that was inventoried will have a risk level assigned. It is advisable to start the mitigation activities with those applications/hardware determined to have the highest risk of interrupting a mission critical business process. An example of a mitigation activity might include arranging to lease a new facsimile machine to replace an obviously old machine that will fail. Develop Action Plans Work-around procedures are detailed instructions for performing manual procedures in the case of a technology failure should show how to continue operations without the support of the failed equipment or system(s). Stockpiling extra inventory may be a mitigation measure that will enable the implementation of several recovery strategies. Develop and Document Plan for Relocation Relocation activities may be necessary if severe failure(s) renders the building inoperable. It may be an option to relocate to another company facility. Another option is to establish reciprocal agreements, which may allow the temporary use of a physical facility with limited failure to equipment and systems. It is also feasible that many small companies will relocate to a house in an effort to salvage their operations. At Time of Failure… Initiate Notification Procedures Follow the procedures for notifying management and the recovery team. Management must make decisions regarding costs associated with implementing recovery strategies. Determine appropriate roles and responsibilities of the recovery team to fit the situation. Initiate Recovery Strategies Refer to action plans for previously documented "work-around" procedures. If relocation is necessary, notify employees and begin the transition to a predetermined meeting place to resume operations. The transition to an alternative location may include moving and installing equipment, (hardware, software, communications, etc.) and notifying all parties involved (vendors, third party suppliers, etc.). Following Relocation… Corrective actions should be taken to make the primary facility able to accommodate normal operating procedures. Plan for the transition of all associates back to the primary facility. Follow the outlined actions to resume normal business operations. This may include keying manual documentation into an automated format. Both tenants and landlords must understand that the failure of one system can leave people unable to utilize the physical facility and to conduct normal business operations. A Facility Business Continuity Plan will provide a process that will enable safe and effective recovery. About the Author |