Embed Size (px)
DESCRIPTION
Semoga bermanfaat
Citation preview
ContingencyPlanning and
Disaster Recovery
A Small Business Guide
Donna R. ChildsStefan Dietrich
John Wiley & Sons, Inc.
ContingencyPlanning and
Disaster Recovery
ContingencyPlanning and
Disaster Recovery
A Small Business Guide
Donna R. ChildsStefan Dietrich
John Wiley & Sons, Inc.
This book is printed on acid-free paper.
Copyright © 2002 by John Wiley & Sons. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New JerseyPublished simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system, ortransmitted in any form or by any means, electronic, mechanical, photocopying,recording, scanning, or otherwise, except as permitted under Section 107 or 108of the 1976 United States Copyright Act, without either the prior written permis-sion of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers,MA 01923, 978-750-8400, fax 978-750-4470, or on the web at www.copyright.com.Requests to the Publisher for permission should be addressed to the PermissionsDepartment, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, 201-748-6011, fax 201-748-6008, e-mail: [email protected].
Limit of Liability/Disclaimer of Warranty: While the publisher and author haveused their best efforts in preparing this book, they make no representations orwarranties with respect to the accuracy or completeness of the contents of thisbook and specifically disclaim any implied warranties of merchantability orfitness for a particular purpose. No warranty may be created or extended by salesrepresentatives or written sales materials. The advice and strategies containedherein may not be suitable for your situation. You should consult with a profes-sional where appropriate. Neither the publisher nor author shall be liable for anyloss of profit or any other commercial damages, including but not limited tospecial, incidental, consequential, or other damages.
For general information on our other products and services, or technicalsupport, please contact our Customer Care Department within the United Statesat 800-762-2974, outside the United States at 317-572-3993 or fax 317-572-4002.
Wiley also publishes its books in a variety of electronic formats. Some contentthat appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data:
Childs, Donna R.Contingency planning and disaster recovery : a small business guide /
by Donna R. Childs, Stefan Dietrich.p. cm.
Includes bibliographical references and index.ISBN 0-471-23613-6 (cloth : alk. paper)
1. Emergency management. 2. Small business—Planning. I. Dietrich,Stefan, 1963— II. Title.HV551.2.C45 2002658.4'77—dc21 2002031115
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
v
ABOUT THE AUTHORS
Donna R. Childs is the founder, president, and chief executive officer ofChilds Capital, LLC, a Wall Street firm dedicated to poverty alleviationthrough economic development. She holds a B.S. from Yale University,an M.A. in International Economics and Finance from Brandeis Univer-sity, and an M.B.A. from Columbia Business School. Prior to establish-ing Childs Capital, she had 15 years of experience in finance and riskmanagement. She began her career as a research associate in the financedepartment at the Harvard Business School, was an investment bankerin the financial institutions group of Goldman, Sachs & Company, and,more recently, was a director and member of senior management of theSwiss Reinsurance Group in Zurich, Switzerland. A recognized author-ity on risk finance, Ms. Childs was the associate editor of Risk Financierand a frequent speaker at reinsurance industry conferences.
Stefan Dietrich majored in Computer Solutions and Aerospace Engineer-ing as an undergraduate, and received a diploma and doctorate, summacum laude, from the University of Stuttgart in Germany. He was a leaddeveloper of the hypersonic aircraft program of the German NationalAerospace Establishment in Göttingen, Germany, and then served as thelead developer for one of the U.S. National Science Foundation’s “GrandChallenge” supercomputer projects undertaken at Cornell University,then one of the world’s largest and most complex computer systems. Asa senior executive at Deutsche Bank, Dr. Dietrich contributed to thedisaster recovery and contingency planning for one of the largest trad-ing floors in Europe as a consequence of the bomb attack on Bishopsgatein London. Most recently, he served as the chief operating officer andexecutive vice president of a technology start-up company in New YorkCity. He currently advises small businesses with respect to their informa-tion technology infrastructures and disaster recovery procedures.
CONTENTS
Acknowledgments ix
Assignment of Authors’ Royalties xiii
Preface xv
Introduction 1
Chapter 1: Preparation 11
Chapter 2: Response 95
Chapter 3: Recovery 137
Chapter 4: Sample IT Solutions 191
Epilogue 209
Appendix: Basic Safety Practices 211
Resources 233
Glossary 239
Index 255
vii
ix
ACKNOWLEDGMENTS
Launching my own business is the fulfillment of a life-long dream. Itrepresents the opportunity to chart one’s own course, to do meaningfulwork, to fully develop one’s creative talents, to encourage the potentialin others, to leave a legacy. During the course of my entrepreneurialadventure, I have had the privilege of teaching in Russia under the aus-pices of the United States Agency for International Development. I havebeen so fortunate as to learn from the experts of the United NationsDevelopment Program in Latin America. I have benefited from the cu-mulative experience of the faculty and my classmates at the ExecutiveM.B.A. Program of Columbia Business School who have generouslyshared their knowledge to assist my enterprise and, in particular, Profes-sors Charles W. Calomiris, Murray Low, Cliff Schorer, Joe Flicek, LynnRussell, Peter Garrity, and Trevor Harris. I am grateful to the faculty andstaff of the Graduate School of International Economics and Finance atBrandeis University, and in particular, Dean Peter Petri, Professor RachelMcCulloch, and Professor Ben Gomes-Casseres. I have been coached andadvised by some of the sharpest financiers on Wall Street at GoldmanSachs and at 85 Broads, a networking association of Goldman alumnae.
I have enjoyed all of these experiences and more because I have twovery loving parents, who made numerous sacrifices for my education sothat these opportunities were available. I would like to thank my mother,Dianne M. Childs, and my father, Donald R. Childs, Ph.D, whose hardwork and personal sacrifices gave me the education that has opened upthe world. I am assigning part of my share of the authors’ royalties toendow a program in the name of my dad at the Massachusetts Instituteof Technology, so that academically gifted young men and women maybenefit from the same opportunities my dad made available to me. I hopethat my dad, who is retired, will enjoy mentoring those students andsharing with them his enthusiasm for the natural sciences as he did with
me! My dad never missed a parent-teacher’s meeting, never missed ascience fair or a spelling bee, sacrificed his Saturdays to coach my soc-cer and Little League teams, and offered every possible encouragementto me. I have very fond memories of touring college campuses with myparents during my senior year of high school, as we imagined what myfuture would be. I wish every young woman could have such a wonder-ful dad to instill in her confidence and optimism.
I appreciate the encouragement of Rick Lipkin, Calanit Dovere, andRavi Gupta. I would also like to thank my mentors: Rosalind Gilmore,former Director of Regulation of Lloyd’s of London; Robert Goodman,Managing Director and Head of the insurance investment banking prac-tice at Lazard Fréres; David M. Meerschwam, Managing Director ofGoldman Sachs; Reuben Jeffery III, Managing Director of GoldmanSachs; Jay Novik, former Vice Chairman, Swiss Re New Markets; PeterHügele, the recently retired Chief Investment Officer of the Swiss Rein-surance Company; Adrian Sülzer, Rolf Hunziger, and Andreas Bachofner,all senior executives of the Swiss Reinsurance Company; and JanetTiebout Hanson, the founder of 85 Broads. I am particularly grateful toJohn Whitehead, who was formerly the senior partner of Goldman Sachs.Many members of 85 Broads told me of his generosity in sharing his timeand experience to assist younger bankers who sought to launch their ownenterprises. Two weeks after the attack on the World Trade Center, hespent a half-day providing his feedback for a community developmentfund of my company. Not long after that meeting, John Whitehead wasappointed the chairman of the Lower Manhattan Redevelopment Cor-poration.
I must thank the law firm Cadwalader, Wickersham & Taft, whichgenerously provided assistance for a community development fund mycompany proposed to make available in the poorest communities in NewYork City. We began that process earlier in 2001, but it assumed a newsense of urgency given the economic losses the city sustained as a conse-quence of the terrorist attacks. Marissa L. Morelle, Esq., is not only anexceptionally gifted legal counsel, she is also an enthusiastic believer inthe project. I owe thanks to both Marissa and to Malcolm Wattman, Esq.,a partner of the firm. I am grateful to Jeff Silow, Esq., whose support hasbeen invaluable.
I would like to express my appreciation to Victor Alvarez, Alex Krutov,Brett Lacquercia, Ron Lenore, Anton Prenneis, and Joe O’Connor, my
x Acknowledgments
former business school teammates. Each was a source of encouragementand an absolute joy to work with. Sheck F. Cho has been a most patienteditor and I am indebted to him. We began writing our first draft of themanuscript soon after the attack on the World Trade Center, when ourlives were still unsettled. We were lucky to have Sheck to guide us throughthis process. Finally, of course, I must thank Stefan. Writing this book withhim has taught me a great deal about information technology that, irre-spective of contingency planning, I can immediately adapt to my ownbusiness processes.
Donna R. Childs
I would like to thank my parents, Raphael and Rita Dietrich, my sisterRafaela, and my brother Michael for their support throughout the pro-cess of writing this book. I come from Göttingen, a university town inGermany with a rich history, and I was scheduled to be in the World TradeCenter on September 11. I changed my plans when I heard the explo-sions that morning and could see from my home what had happened. Icannot imagine my family’s anxiety and worry as they watched eventsunfold on the television from halfway around the world, until my callrelieved their fears. Other parents were not so lucky. I lost a former col-league, Raj Mirpuri, who perished on the top floor of the second toweron that terrible day. His remains were never recovered. I think that myfamily appreciates my need to write this book to contribute somethingto respond to this tragedy, perhaps as a way of dealing with the feelingsof helplessness that such an event provokes.
I must thank Donna for conceiving of this project. Donna and I havebeen friends for some time and she read to me daily the newspaper andbusiness press accounts of small business owners in Lower Manhattanwhose losses could have been mitigated if they had put in place bettercontingency plans and insurance coverage. I didn’t think she was seri-ous, but she wrote a query letter to John Wiley & Sons, our favorite pub-lisher, and included a writing sample and an outline of chapters. Oneweek to the day later, Sheck Cho called us and we were off and running.
I must thank Sheck. English is a second language to me, and I sup-pose technology is a second language to many others, so I am fortunateto have an editor who was willing to converse in all languages until we
Acknowledgments xi
could find the right one to get our points across. I also want to thank JohnWiley and Sons, for the resources they committed to this book, for theirenthusiasm, and for their extraordinary responsiveness.
I must thank Arnie Herz, Esq., for his insights into legal and othermatters. Arnie is unlike any attorney I have ever met in that he brings avery constructive problem-solving approach to a discipline that is other-wise known for its narrow focus on conflict and win-lose games. Arnie hasa holistic approach to legal issues that is analogous to the holistic ap-proach to information technology issues that I bring to my own clients.Our messages are similar: don’t lose sight of your overall objective andremember that technology (or legal strategy) is simply a tool in serviceof a greater objective.
I want to thank Ian O’Sullivan of Delphos Inc. Craig Goldberg, Se-nior Consultant for Phone and Networking Solutions, and Lou Con-stable, Senior System Administrator for Large Scale Systems, were help-ful sources of information for certain of the technical sections of thebook. Finally, I’d like to thank all of the friends and people I have metduring my years in the United States. It has been a fantastic learningexperience for me and I echo the sentiments of the French woman whowas interviewed on CNN on September 11, 2001 when she said, “Today,we are all Americans.”
Stefan Dietrich
xii Acknowledgments
xiii
ASSIGNMENT OFAUTHORS’ ROYALTIES
We are assigning a portion of our royalties to JustGive, a 501(c)3 not-for-profit organization whose mission is to connect people with the chari-ties and causes they care about and to increase overall giving. As a cen-tral gateway to giving, JustGive provides people with the resources,services, and tools they need to give—whether it’s their money, their time,or their goods. We encourage you to visit JustGive at www.justgive.org.
JustGive is the only public nonprofit organization that passes through100% of donations to charities, thereby reducing fundraising costs forthe charities and increasing the impact of donations. As a JustGive part-ner, we will pay the transaction costs for a particular category of chari-table donations. Visitors to the site can select from categories of chari-ties that match their interests, such as “Overseas Aid” or “Environment”and will view a number of charities, grouped by theme, to which they cancontribute. You may find the information about charities dealing withdisaster relief to be helpful.
PREFACE
September 11, 2001, is a date that many Americans will treat in themanner our parents’ generation treated the assassination of PresidentKennedy. Each of us will remember where we were when the attacks onthe World Trade Center and the Pentagon occurred, and since theseevents have altered the course of history, we will almost certainly tell ourchildren of our personal experiences.
We certainly will remember. We were there. Our personal experienceof September 11, 2001, was the genesis of this book. I (Stefan) was leav-ing home to take the train to the World Trade Center stop, but when Iheard the explosion and saw what had happened, I remained at home.Certain of my former colleagues were not as fortunate. One of my formerco-workers, Raj Mirpuri, died in the World Trade Center that day. I willnever forget the memorial service held for him. The family and mourn-ers were all dressed in white, consistent with their religious custom. Hisparents’ grief was absolutely unspeakable. Raj was an only child, and hisdeath, and the manner of his death, and the fact that his remains havenot been recovered, have only compounded their sorrow.
I feared that I would lose many more friends as I watched the catas-trophe unfold. My home is an apartment near the Newport-PavoniaPATH station of Jersey City, right on the Hudson River, and affords aspectacular view of Lower Manhattan. Once I realized what was happen-ing, I reached for my camera and reflexively began taking pictures. Myemotions were a mix of shock and bewilderment, and fear for the safetyof my friends who live and work in Lower Manhattan. At the same time,I knew that I was witnessing a historic event and felt a need to record itin photographs.
I (Donna) live in Battery Park City, the residential neighborhood inthe shadow of the World Trade Center. Indeed, Battery Park City wascreated by the landfill excavated during the construction of the World
xv
Trade Center. Like many of my neighbors, I chose to live in Battery ParkCity both for the beauty of this community (my apartment affords a viewof the Statue of Liberty, Ellis Island, and the Hudson River) and its prox-imity to the financial district. I am a small business owner, and mycompany’s offices are located on Wall Street, just a fifteen-minute walkfrom home. Like most residents of this community, the World TradeCenter formed the “anchor” of my neighborhood.
On September 11, 2001, I had a 9:30 A.M. appointment in my officewith a former business school classmate, Alex Krutov. On my way to work,I stopped off at a pharmacy in the shopping concourse of the WorldTrade Center. After the first plane struck the World Trade Center,firefighters and police officers rushed into the towers and began theevacuation. I left the building, and because it was unsafe to walk about,I went home and immediately called the office to advise people of whathad happened and to urge everyone to leave the area. I was among thethousands of residents of Battery Park City who were evacuated. Togetherwith my neighbor and his dog, I boarded a New Jersey police boat andcrossed the Hudson River to safety. Our community was closed for overtwo weeks by the Mayor’s Office of Emergency Management, although Iwas once permitted to re-enter my home during that time, under theescort of a National Guardsman, to retrieve some clothing and personalitems.
The next two weeks were extraordinary. Like most Americans, weremained glued to the television set, watching events unfold in New YorkCity and across the world. At the same time, we could see in person whatmost Americans could see only on their television sets. It was as if we hadtwo screens displaying different images: the television screen displayingimages broadcast from around the world and the window on the HudsonRiver through which we saw, for example, the navy hospital ship, theU.S.S. Comfort, sail up the Hudson River, to make additional medicalassistance available. We saw the F-16s flying overhead, securing New York’sairspace. We saw the President’s helicopter, as President Bush arrived toaddress the rescue workers at the disaster site. We saw, day after day, theghastly plume of smoke rise from the remains of the World Trade Cen-ter, while the rest of Lower Manhattan, which was without electricity,remained in darkness.
When the Mayor reopened Wall Street, I returned to my office fromNew Jersey, commuting on a new water ferry route that had been estab-
xvi Preface
lished following the destruction of several subway stations in the finan-cial district. Army vehicles and soldiers patrolled Wall Street, which wasstill covered in soot. Few people were about the first few weeks follow-ing the disaster, giving the normally bustling financial district the appear-ance of a ghost town. My own office building remained without a cen-tral electricity supply, but a large back-up generator erected on thesidewalk provided sufficient electricity for a minimal level of lighting andcomputers and office equipment (but not the building elevator). Therewas no food to be had, as no deliveries of food had been made to LowerManhattan during the time that the community was closed by the Mayor’soffice. The food supplies that were in grocery stores and restaurants hadbeen discarded due to spoilage; without electricity it had not been pos-sible to refrigerate perishable foods.
And so we began the task of resuming our lives, reconnecting withfriends and family throughout the world to let them know we were safe,as telephone service became available, and rebuilding our small busi-nesses. We will never be able to calculate the human cost of the tragedy:the lives lost, the families scarred, the continuing fear and anxiety amongthose who lived through it and those who saw the disturbing images ontelevision. We can calculate, in a precise way, the financial costs of thecatastrophe. This is shown in the table on the following page, whichappeared in an article titled “The I.T. Toll” and is reproduced with theconsent of the publisher.
An economic impact study1 conducted by the New York City Partner-ship estimated that the September 11 terrorist attack would result in $83billion of damage to New York City’s economy. The study concluded thateven after the payment of insurance claims, federal reimbursement forrescue work, clean-up and repair of the transportation infrastructure, aswell as the ancillary effects of these damages, New York City’s economywould likely sustain a net economic loss of at least $16 billion. The City’seconomic development staff and the State’s Department of Labor haveeach estimated that Lower Manhattan lost 135,000 jobs in the six monthsfollowing the terrorist attack.
The economic consequences of this disaster were not confined toNew York City. With the temporary closure of airports and restrictionson travel on and following September 11, the travel industry has sufferedeconomic losses. With travel volume down, tourism, throughout theUnited States and overseas, has declined. There is a “multiplier” effect
Preface xvii
xviii
IT T
oll
Empl
oyee
s at
Com
pany
Gro
und
Zero
IT A
sset
sD
amag
e/D
ownt
ime
Com
men
ts
Am
eric
anE
xpre
ss, a
$39
billi
onfi
nan
cial
serv
ices
fir
m
Aon
Cor
p., a
$10
billi
onri
sk m
anag
e-m
ent
and
insu
ran
cebr
oker
age
firm
3,20
0 em
ploy
ees
on f
loor
94
in 1
Wor
ld T
rade
Cen
ter,
27 f
loor
sin
3 W
orld
Fin
anci
al C
ente
r,an
d 3
floo
rs in
7W
orld
Tra
deC
ente
r; 1
1 di
ed.
1,10
0 em
ploy
ees,
on f
loor
s 92
an
d98
-105
in 2
Wor
ld T
rade
Cen
ter;
176
peri
shed
Abo
ut 3
,200
PC
s, e
-m
ail a
nd
Web
serv
ers,
an
d a
serv
erfa
rm f
or A
mer
ican
Exp
ress
Ban
k ’s
tran
sact
ion
sys
tem
s
Abo
ut 1
,100
PC
s, 2
0se
rver
s an
d co
mm
u-n
icat
ion
s ge
ar f
or14
New
Yor
k A
onlo
cati
ons.
$140
mill
ion
. No
loss
of
cust
omer
serv
ice
or b
ank
tran
sact
ion
pro
cess
-in
g, t
han
ks t
o h
ot b
acku
p se
rver
s th
atke
pt s
yste
ms
run
nin
g. E
-mai
l ser
vice
for
four
New
Yor
k br
anch
es w
as d
own
for
36 h
ours
. Am
Ex’
s h
eadq
uart
ers,
thou
gh s
till
stan
din
g, w
ill n
ot b
eus
able
for
mon
ths.
By
Oct
. 8, d
is-
plac
ed s
taff
ers
wer
e in
stal
led
in f
ive
loca
tion
s in
New
Jer
sey
and
Con
nec
ti-
cut.
No
data
loss
due
to
back
up s
yste
ms,
but
hig
h-s
peed
Net
acc
ess
for
Aon
’s 1
4lo
cal o
ffic
es w
as n
ot f
ully
res
tore
dun
til O
ct. 1
9. D
urin
g th
e in
teri
m,
sate
llite
off
ices
man
ually
dia
led
into
hea
dqua
rter
s fo
r e-
mai
l an
d In
tern
etse
rvic
e. C
IO J
une
Dre
wry
rue
fully
adm
its,
“We’
re ju
st g
etti
ng
back
to
nor
mal
.”
Des
pite
Am
eric
an E
xpre
ss’ s
hug
epr
esen
ce a
t th
e W
orld
Tra
deC
ente
r, it
s lo
sses
wer
e h
ardl
yde
vast
atin
g. F
or t
hat
, th
e co
mpa
ny
cred
its
its
con
tin
gen
cy p
lan
nin
g.“W
e m
ay m
ake
a fe
w a
djus
tmen
tsas
a r
esul
t of
th
is e
xper
ien
ce,”
say
ssp
okes
pers
on T
ony
Mit
chel
l. “B
utby
an
d la
rge,
our
pla
ns
wor
ked
succ
essf
ully
. Fro
m a
cus
tom
erst
andp
oin
t, t
hey
wor
ked
wit
hou
t a
glit
ch.”
“We
had
a d
isas
ter
reco
very
pla
n,
but
it d
idn
’t a
ccou
nt
for
the
poss
ibili
ty t
hat
eve
ryth
ing
wou
ldbe
lost
,” s
ays
CIO
Dre
wr y
. “Fi
ndi
ng
new
har
dwar
e w
asn
’t o
ur p
robl
em.
It w
as f
indi
ng
spac
e fo
r ou
rdi
spla
ced
empl
oyee
s an
d ge
ttin
gth
em c
onn
ecte
d” t
o A
on’s
net
wor
k.
xix
Dow
Jon
es, a
$4 b
illio
nin
tern
atio
nal
new
gia
nt
May
Dav
isG
roup
, apr
ivat
ely
hel
dfi
nan
cial
serv
ices
fir
m
Mor
gan
Stan
ley,
a $
54bi
llion
inve
stm
ent
ban
kin
g fi
rm
800
empl
oyee
son
flo
ors
9-12
and
14-1
6 in
1W
orld
Fin
anci
alC
ente
r, al
lsu
rviv
ed
13 e
mpl
oyee
s,on
flo
or 8
7 in
1W
orld
Tra
deC
ente
r; 1
peri
shed
3,70
0 em
ploy
ees
on 2
2 fl
oors
in 2
Wor
ld T
rade
Cen
ter
and
3fl
oors
in 5
Wor
ldTr
ade
Cen
ter;
6di
ed
Abo
ut 8
00 P
Cs,
50
serv
er c
lust
ers
for
the
Wal
l Str
eet
Jour
nal a
nd
Bar
ron’
sde
skto
p pu
blis
hin
gsy
stem
s, D
ow J
ones
new
s w
ire
feed
s,an
d th
e co
mpa
ny’
sen
tire
e-m
ail
syst
em.
13 P
Cs,
dat
abas
es,
and
Web
an
d e-
mai
lse
rver
s
A s
erve
r fa
rm f
orIn
tern
et t
rade
s an
dth
e in
tran
et f
or it
sbr
oker
s n
atio
nw
ide.
Als
o, a
net
wor
kco
ntr
ol c
ente
r th
atm
onit
ored
its
inve
stor
tra
nsa
ctio
nsy
stem
s.
Mor
e th
an $
2 m
illio
n t
o re
plac
e IT
har
dwar
e an
d of
fice
equ
ipm
ent.
No
data
or
serv
ice
loss
. A h
ot b
acku
p in
its
New
Jer
sey
data
cen
ter
kept
its
web
site
s, n
ews
wir
e se
r vic
es, a
nd
e-m
ail r
unn
ing
unin
terr
upte
d. B
y la
teSe
ptem
ber
all e
mpl
oyee
s h
ad r
elo-
cate
d to
Dow
Jon
es’s
New
Jer
sey
cam
pus
and
oth
er M
anh
atta
n o
ffic
es.
Abo
ut $
100,
000
in d
estr
oyed
equ
ip-
men
t, w
ith
at
leas
t $1
mill
ion
inre
ven
ue lo
st t
o do
wn
tim
e an
d da
talo
ss. S
ome
clie
nt
reco
rds
lost
. Ate
mpo
rary
New
Yor
k of
fice
ope
ned
Sept
. 17.
Est
imat
ed a
t $1
50 m
illio
n. N
o da
talo
st. H
ot b
acku
p si
tes
in M
anh
atta
nan
d N
ew J
erse
y ke
pt 9
0 pe
rcen
t of
its
syst
ems
up a
nd
run
nin
g w
ith
out
inte
rrup
tion
; e-m
ail w
as r
esto
red
wit
hin
72
hou
rs. T
he
com
pan
y’s
New
Jers
ey lo
cati
on is
now
its
mai
n d
ata
cen
ter;
an
oth
er s
ite
is u
nde
r co
nst
ruc-
tion
in S
an F
ran
cisc
o.
Dow
Jon
es p
ride
s it
self
on
run
nin
gon
e of
th
e be
st d
ata
prot
ecti
onse
tups
in t
he
busi
nes
s. B
acku
psy
stem
s ar
e on
line
24/7
, an
d ev
ery
data
cen
ter
has
its
own
pow
erge
ner
ator
. “W
e h
ave
spen
t te
ns
ofm
illio
ns
of d
olla
rs t
o m
ain
tain
ah
igh
leve
l of
redu
nda
ncy
,” s
ays
CT
O W
illia
m G
odfr
ey. “
It’s
ingr
ain
ed in
our
cul
ture
.’
May
Dav
is h
ad n
o ba
ckup
pla
n in
plac
e at
th
e ti
me
of t
he
atta
ck.
Wh
en t
he
Gul
f W
ar b
egan
in 1
990,
Mor
gan
Sta
nle
y re
vam
ped
its
disa
ster
-rec
over
y pl
an—
spec
ifyi
ng
ever
yth
ing
from
wh
ere
empl
oyee
sm
eet
afte
r a
cris
is t
o h
ow d
ata
are
prot
ecte
d. I
t w
as a
lso
luck
y –
earl
ier
this
yea
r it
upg
rade
d a
faci
lity
in M
anh
atta
n w
ith
a s
tate
-of
-the-
art
back
up s
yste
m, 4
00 w
ired
wor
ksta
tion
s, a
nd
spac
e fo
r 1,
000
empl
oyee
s.
(con
tinue
d)
xx
IT T
oll (
cont
inue
d) Empl
oyee
s at
Com
pany
Gro
und
Zero
IT A
sset
sD
amag
e/D
ownt
ime
Com
men
ts
Opp
enhe
imer
Fund
s, a
mut
ual f
und
com
pan
y w
ith
mor
e th
an$1
15 b
illio
nin
ass
ets
unde
rm
anag
emen
t
598
empl
oyee
s,on
5 f
loor
s in
2W
orld
Tra
deC
ente
r; a
llsu
rviv
ed
Com
pute
rs f
or s
tock
trad
ing,
mor
e th
an60
0 PC
s, a
nd
serv
ers
for
an in
tran
et
Com
pute
rs w
ere
back
ed u
p n
igh
tly
ina
Den
ver
offi
ce, s
o da
ta lo
sses
wer
em
inim
al. O
ppen
hei
mer
’s m
issi
on-
crit
ical
tra
din
g sy
stem
s w
ere
read
y fo
rbu
sin
ess
wit
hin
sev
en h
ours
, ope
rat-
ing
out
of it
s N
ew J
erse
y lo
cati
on.
Dei
dre
Lan
nin
g an
d M
atth
ew M
aier
, “T
he
I.T.
Tol
l: W
orld
Tra
de C
ente
r te
nan
ts s
trug
gle
to g
et b
ack
to b
usin
ess,
”B
usin
ess
2.0,
Dec
embe
r20
01, p
age
122;
rep
rin
ted
wit
h t
he
perm
issi
on o
f th
e pu
blis
her
.
“Th
e’9
3 [W
TC
] bo
mbi
ng
was
agr
eat
less
on in
th
e w
isdo
m o
fh
avin
g a
con
tin
gen
cy p
lan
,” s
ays
spok
espe
rson
Gre
g St
itt.
Aft
er t
hat
atta
ck, O
ppen
hei
mer
wir
ed a
1,50
0-sq
uare
-foot
-spa
ce in
New
Jers
ey a
nd
built
a b
acku
p tr
adin
gfl
oor.
as those who directly sustained economic losses cut back on their spend-ing, which in turn, has economic consequences for suppliers who, in turn,cut back on their spending, and so on.
The “ITT Toll” table is a particularly helpful synopsis of one categoryof losses suffered by six tenants of the World Trade Center and the adja-cent World Financial Center. There are four conclusions that one candraw from this table that are of particular interest:
1. The toll is substantial, and yet includes only one component ofeconomic losses: those pertaining to information technology.Morgan Stanley, for example, estimates its losses related to infor-mation technology at $150 million! Other costs, such as employeeabsenteeism or lost revenues, are not considered in this presen-tation. The total losses due to this catastrophe are obviously sig-nificantly higher than simply the IT costs.
2. The losses were motivated by a disaster on a scope and scale thatvastly exceeded the worst-case scenarios envisioned by those ex-ecutives responsible for risk management. The chief informationofficer of AON Corporation notes, for example, that thecompany’s disaster recovery plan did not “account for the possi-bility that everything would be lost.” (For the record, in devel-oping a contingency plan for Childs Capital, the worst-case sce-narios we had contemplated included lack of access to our officebuilding for some time due to fires in the nearby subway station—nothing on the order of magnitude of the events of September11.) Yet, those companies may have been better prepared thanmany other businesses throughout the country, as the 1993bombing of the World Trade Center alerted them to the neces-sity of contingency planning.
3. Five of the six companies profiled in this table are large, well-capi-talized corporations with significant resources. In certain indus-tries, large companies are required to have contingency and di-saster recovery plans in place and to make them available to theirregulators. The contingency and disaster recovery plans of mu-tual fund companies, for example, are currently among the toppriorities for the Securities and Exchange Commission. Few smallbusinesses would likely have the capital and human resources to“maintain a high level of redundancy,” as was done by the DowJones organization.2
Preface xxi
4. One of the companies profiled, May Davis Group,3 is a smaller,privately held financial services firm that had no backup plan inplace at the time of the attack. The losses sustained by that firmare almost certainly more painful than a comparable loss sus-tained by a larger, wealthier corporation.
In discussing the business consequences of the events of September11, The Economist 4 reported:
For the next few years, many companies will seek security andcertainty. Some lessons learnt in anticipation of the millennium-bug disaster that did not happen will be revived. Critical com-puter systems will be triplicated, not just duplicated, and keptphysically separate: the Bank of New York had two clearing sys-tems, with different telephone and power supplies, but both werein Lower Manhattan and were disabled after the attacks. Com-panies will want to know where their staff are, and will think twiceabout allowing all their top teams to work in the same officebuilding. Outsourcing contracts will be rewritten, to clarify pro-visions on disaster recovery. Supply chains will be redesigned, tomake them less vulnerable to disruption. Security checks will beincreased. Many of these changes will build in redundancy. Theywill therefore add costs and reduce efficiencies at a time whencompanies can ill afford either. But the bigger issue for mostfirms is how best to manage through hard times.
As large corporations shudder at the costs that will likely be incurredto build in additional layers of redundancy to their operational capaci-ties, imagine the response of small businesses. Our research has shownthat most small businesses in Lower Manhattan did not have contingencyand backup plans in place prior to September 11, 2001. Many of themwere underinsured. The consequences to small business of the Septem-ber 11 attacks are staggering: according to J.P. Morgan Chase Manhat-tan Bank, before the attacks there were nearly 7,800 businesses withannual revenues of less than $10 million (the Bank’s definition of smallbusiness) at Ground Zero and about 34,800 small businesses in LowerManhattan. This affects all of us: according to the Small Business Admin-istration, small businesses collectively employ more workers than all of
xxii Preface
the companies in the Fortune 500. We all have a stake in the health andvitality of the small business sector.
Few small business owners have the financial resources to access theexpertise that we have to offer, which is why we propose to make it avail-able through this book. We read daily in the press the heart-breakingstories of owners of small businesses in Lower Manhattan who had inad-equate insurance and inappropriate technology support. We hear tragicstories from the vendors, suppliers, friends, and neighbors with whomwe conduct business. The livelihoods of those small business owners andtheir employees are at risk. Their dreams are in jeopardy. According todata gathered by the American Red Cross, as many as 40% of small busi-nesses do not reopen for business after they are affected by a major natu-ral disaster such as an earthquake or flood. The Red Cross believes thatthis percentage would be significantly lower if small businesses were tomake minimal investments in disaster preparation.
Regrettably, we cannot prevent disasters from occurring, but we canequip small business owners with the knowledge they will need to miti-gate their risks and to recover quickly when disaster does strike. That isthe goal of this book. As small business owners, our resources are lim-ited and we must work our assets smarter, not harder, than the assets oflarger companies. We must spend our insurance premium dollars wisely;we must make cost-effective decisions on establishing backup informa-tion technology support. We will give you the tools to do that, to put inplace an appropriate contingency and disaster recovery plan.
Before we continue, we must be clear about what we mean by disas-ter. We define a disaster as an event that disrupts business operations ata given site and results in a temporary or permanent dislocation of thebusiness. A factory fire is, by our definition, a disaster. A product liabil-ity crisis, by the same definition, is not. Consider the experience of tam-pering with the Tylenol® product manufactured by Johnson & Johnson.We consider that to be a business crisis, one that requires a business tomanage communications with its stakeholders and possibly make changesto its manufacturing (or in this case, packaging) processes. The Tylenol®
crisis, while undoubtedly painful for the company, did not disrupt busi-ness operations or cause the employees to lose access to Johnson &Johnson facilities. Work at Johnson & Johnson could continue on-site,even as the executives of the company were working to communicate withtheir customers, the investment community, the distributors of their
Preface xxiii
product, and other stakeholders. We cannot advise you on situations suchas the Tylenol® crisis; we are not experts in corporate communications.As such, crisis management is beyond the scope of this book and wewould refer you to other sources.5
Few small business owners have the reach to find themselves in a crisiscomparable with that experienced by Johnson & Johnson. However, manyof us will, unfortunately, experience natural disasters such as fires andfloods and disruptions in power supply during the course of building oursmall businesses. The consequences of such disasters can be mitigatedby carefully crafting an insurance program and ensuring adequate infor-mation technology capacity. Many of the techniques and suggestions wemake in this book are applicable to the nonprofit sector as well. We weresurprised to learn that up to 20% of workers in New York City are em-ployed by nonprofit organizations that were affected by the terrorist at-tacks. We hope this book will be helpful to nonprofit organizations that,like small businesses, pursue their missions with limited resources.
Of course, each small business (or not-for-profit organization) facesunique circumstances and constraints and we cannot reasonably antici-pate the needs of each and every single reader. We advise you to consultexperts, such as commercial insurance brokers, where appropriate, andexpect that the information we impart in this book will enable you to bea more knowledgeable consumer of such services and to use such servicesin a cost-effective manner.
We hope that your small business never experiences a disaster andwe hope that the world never again experiences events such as the oneswe experienced on September 11, 2001. Unfortunately, we cannot pre-vent such tragedies from occurring. We hope, however, that we can as-sist you in preparing your small business for disasters that will, unfortu-nately, occur from time to time. We also believe that you will find thatcontingency and disaster recovery planning improves the efficiencies ofyour business processes and, therefore, that the planning process werecommend will immediately benefit your business—irrespective of whetheryour business ever experiences a disaster.
NOTES
1. See the New York City Partnership’s website, www.nycp.org.2. For a detailed treatment of the increased costs imposed on businesses
xxiv Preface
by the terrorist attacks, we recommend you read an article that appearedin the February 18, 2002, issue of Fortune, entitled “The FrictionEconomy: American Business Just Got the Bill for the Terrorist Attacks—$151 billion a year” by Anna Bernasek.
3. For a moving and detailed account of the recovery process of the MayDavis Group, please read “Thirty Days of Grace” in the December 2001issue of Worth magazine. This article should be required reading forevery small business owner and employee.
4. October 13, 2001.5. During the course of my business career, I (Donna) participated in
excellent crisis management programs offered by the Corporate Re-sponse Group in Washington, DC, which I highly recommend.
Preface xxv
ContingencyPlanning and
Disaster Recovery
1
INTRODUCTION
Disasters occur with numbing frequency. From simple human errors tonatural disasters, unanticipated events can have serious consequences foryour business operations. This is particularly true for small businesses.In hindsight, it is remarkable that disaster contingency planning for small-and medium-sized businesses received such little attention from businessowners and from the business press. But the tragic events of September11, 2001, have pushed this issue to the forefront of concern for decisionmakers in both business and government.
In the aftermath of the attacks on the World Trade Center we haveseen that the most serious losses were borne by small and medium-sizedbusinesses. Large companies did relatively well and could enter into di-saster recovery mode much more rapidly. This is due to the fact that manyprivate businesses and single-office companies did not actually have ad-equate disaster contingency provisions or appropriate insurance policiesin place. Without having created off-site backups of legal documentationand confidential data files, many of these businesses lost all records oftheir critical information.
Large businesses have spent billions of dollars on contingency plansthat help to mitigate their risk of being exposed to disasters. These ex-penses are an investment for safeguarding the company and insuring thevalue of the business assets. If you actually consider the potential down-side loss that any of these disasters can cause, the actual investment indisaster prevention appears relatively small. However, disaster recoveryhas become an item that is synonymous with big ticket expense.
It is a myth that disaster contingency is generally expensive. Thedevelopment of a disaster contingency plan will require an investmentof time and money, but it may not be as expensive as you fear. In fact,you may be surprised to learn that the expenses incurred fromdownscaling contingency planning solutions for large businesses are not
2 Contingency Planning and Disaster Recovery
cost-effective or likely appropriate for your business. Small businesseshave unique requirements. We recommend specific solutions that aresimple to implement, cost-effective, and provide “built-in” contingencysupport.
We have found that many small business owners do not fully realizethe many benefits that come with contingency planning. Many believethat since disasters are so unpredictable and since there seems to be littleone can do to protect against them it is not worthwhile to invest resourcesin disaster contingency and recovery planning. But you will soon realizehow often you have already faced “small” disasters, such as a mistakenlydeleted computer file, so you will find that the additional protection willalso significantly improve your day-to-day operations. Soon you will won-der how you ever operated without your contingency plan.
You cannot prevent disasters from happening. The most you can doto prepare is to minimize your business exposure and limit your finan-cial risks. Each disaster is unique, and the catastrophic events of Septem-ber 11 could be considered an anomaly that does not threaten typicalbusiness owners, but disasters share similarities. We examine the commontypes of disaster to determine how to prepare and protect ourselves andhow to insure the financial losses that are associated with disasters.
When a disaster occurs, you will not only have improved your pre-paredness to handle it appropriately, but there may be legal requirementsfor preparedness. In general, all businesses must meet their contractualobligations even in times of emergencies, and have done their due dili-gence for adequate levels of disaster contingencies. Your legal counselshould advise you appropriately. Publicly traded companies face evenstricter regulations. The Foreign Corrupt Practices Act of 1977 states thatpublicly traded companies must comply with appropriate accountingstandards and safeguard all corporate assets. If you are insufficientlyprepared, any crisis could expose you to costly litigation from employ-ees, customers, and shareholders.
This guide is intended to educate you about contingency plan-ning for small businesses so that you can develop a strategythat will provide protection against a variety of unpredictable
disasters. We will show you how any small company, regardless of itssize and financial resources, can take steps to significantly improvethe protection of its business in the case of a disaster. It is simple,
Introduction 3
hands-on advice that does not require expensive external consultingguidance. Throughout this book, we use the symbol next to this para-graph. It highlights important steps, or unusual ideas for your disas-ter contingency effort.
The following summary outlines the approach of this book as weguide you through a step-by-step process to better understand the risksand preventive measures you can take to protect your business from di-sasters.
CHAPTER 1: PREPARATION
The first chapter of this guide discusses the steps that should be takento prepare for a disaster. This preparation effort will mitigate your lossesshould a disaster strike. The following points are discussed:
• Determine which assets are critical for protection.• Establish general protection measurements.• Take precautions to avoid specific disasters, such as the loss of
computer data due to human errors.• Mitigate potential damages. These precautions are designed to
protect your information technology (IT) infrastructure, such asproviding user training, creating additional contingencies by aug-menting essential equipment, avoiding concentrations of function-ality, determining policies for backing up critical data, and estab-lishing a secondary office location. We also recommend that youestablish “redundant” financial capacity, analogous to redundantIT capacity, in the form of an insurance program and a financialreserve, so that you will have resources on hand to meet unantici-pated expenses following a disaster.
CHAPTER 2: RESPONSE
In this chapter we provide some advice on how to react once a disasterhas struck, with a special emphasis on how to minimize the risks as wellas the liabilities to your small business. To protect your IT infrastructure
4 Contingency Planning and Disaster Recovery
may require an emergency shutdown of your systems, an isolation of anysystems found to be defective, and an effort to contact third parties tobegin rebuilding your operational capacity. At the same time, you mustdocument your insured losses and file timely claims with your insurancecarrier. We advise you how to go about those processes.
CHAPTER 3: RECOVERY
In this chapter, we discuss how to begin moving your business forwardfollowing a disaster, how to assess damage and communicate with all ofthe stakeholders in your business, and how to begin prioritizing tasks toresume business operations. We provide some information on disasterrelief services and advice on coping with the emotions that surface fol-lowing a disaster. To guide you in resuming operations from your ITassets, we advise you how to recover data, replace equipment, review theperformance of the third parties that have supported your recovery ef-forts, and reestablish business operations at a new site, if necessary. Sinceyour insurance program will be affected by a disaster, we provide somespecific advice on how to reconstruct your insurance policy, resolve dis-putes, and reinstate your coverage.
CHAPTER 4: SAMPLE IT SOLUTIONS
In this chapter we present some specific disaster contingency solutionsthat you may adapt for your own needs as appropriate. We present a“small business or home office” solution that would be suitable for amodest-sized operation with up to eight employees using computers aspart of their work processes. We then consider minimal and robust solu-tions (to be adapted as your resources permit) for businesses with up to20 employees using computers and for small businesses with more than20 employees using computers at the worksite.
By definition, disasters are acts of God that cannot be prevented, butyou should be prepared for a disaster, know how to respond to a disas-ter, and be confident that you will likely recover and almost certainly learnfrom the experience. Before you start preparing your disaster contin-gency plan, you need to identify the critical assets of your business, whatyou consider to be the “jewels” of your business.
Introduction 5
You will likely learn that the most valuable assets of your small busi-ness are:
• The proprietary knowledge of your company.• The people who understand and work with that knowledge.
We usually find that small business managers are aware of the risk ofloss of proprietary knowledge that resides with human capital. Manag-ers often think of how to respond if a key employee leaves the company.But we find that they have a much lower level of awareness of the risk ofloss of proprietary information that is exclusively stored on their IT sys-tems and rarely have in place concrete plans for responding to a majorcomputer failure. Many small businesses simply feel overwhelmed by atechnology that is evolving at a frantic pace. Systems become obsoleteafter two or three years. During their brief life cycles, systems must befrequently upgraded and are inundated with data. Computer systems insmall businesses are often assembled without any structured plans for thestorage and retrieval of data.
We present the following scheme of disasters, beginning with thehigh-frequency/low-severity category of human errors to the high-sever-ity/low-frequency category of terrorism and sabotage. Very often, smallbusiness owners forego contingency planning for disaster, believing di-sasters to be catastrophic in scope and beyond their control. In fact, the“disasters” your business is most likely to experience are of the mundanehuman error variety. And there are procedures that you can put in placeto mitigate your business losses from such disasters. Those procedures,in turn, will help you build more resilient and robust business processes,better equipped to recover from the larger-scale disasters.
1. Human errorsDefinition: Human errors are triggered by actions unintentionally
undertaken by managers and employees acting in good faith that subse-quently are shown to be mistakes. The most common causes of humanerrors are inadequate computer user training, fatigue, and carelessness.These errors can reduce the productivity and increase the costs to yoursmall business.
Real-world example: A new employee at a small business client supportgroup wants to add new phone numbers to the contact information inthe company’s call-tracking system. He thinks that instead of entering the
6 Contingency Planning and Disaster Recovery
telephone numbers manually, he will save time by writing a script thatautomatically replaces the appropriate numbers. After running the script,all phone numbers in the system are replaced with the first phone num-ber in his script. It takes hours to retrieve the backup tapes and to re-build the database. Needless to say, all updates made to the computersystem that day have to be manually corrected. Replacing the new num-bers manually, the original task that the new employee had sought toavoid, is the least time-consuming part of the recovery process.
2. Equipment failuresDefinition: These are malfunctions or complete failures of any type
of office machinery used to store or process information. Office equip-ment commonly includes fax machines, personal computers, phone sys-tems, and network components. Equipment is prone to breakage andfailure, and so you should anticipate that your business will, at some time,experience equipment failure.
Real-world example: After five years of service, the main disk of an oldfile server no longer spins after the machine had been routinely rebootedon the last weekend of the month. Subsequent investigation reveals thatnone of the remaining computers can read data from that main disk.After comparing the costs of hiring a data recovery service to reestablishthe data and the hours required to restore the data from the backupsystem, it is determined that only about 20% of the most critical businessdata will be recovered, leading to great frustration among the employ-ees who had lost files.
3. Third-party failuresDefinition: These are failures of third parties to deliver services that
you need to operate your information-storing and -processing equipment.Included here are electrical power failures, loss of phone service, or fail-ures of Internet or market data providers. This category also includesfinancial disasters such as, for example, the default of your largest cus-tomer.
Real-world example: A telecommunication provider defaults on its debtand seeks bankruptcy protection. Your business telephone system mal-functions. Your service provider informs you that it is using the servicesof a repair company that also had to temporarily suspend its servicesbecause its main creditor was the telecommunications company now indefault. You are assured that everything is being done to fix your phone
Introduction 7
connection as soon as possible, but with other “big” clients on their pri-ority list, you, as a small business owner, have to wait a couple of days.When you come home in the evening, your answering machine is full ofmessages with urgent calls from your clients.
4. Environmental hazardsDefinition: These are all conditions that do not permit you to enter
your regular business offices while your IT infrastructure stays opera-tional. These conditions could include smoke from a nearby fire, hazard-ous substances that have been discovered in your building, irritants likefresh paints, pollutants in your building, or contamination of your officewith radioactive, biological, or chemical substances. These hazards pre-vent you from entering your worksite.
Real-world example: Asbestos is discovered during construction workin your neighbor’s offices. You share the same air-conditioning unit withyour neighbor, and you have to leave your offices. You are not allowedto take any computer equipment with you as the fans have collected as-bestos with the dust and require cleaning that will take days to complete.
5. Fires and other disastersDefinition: Here we consider all events that are destructive to your
office and, hence, to your IT infrastructure. Although fire poses the mostcommon threat, other disasters include natural events, like earthquakes,floods, and storms, and man-made disasters, like gas leaks and subsequentexplosions. All of these can be very destructive and would either renderyour office unusable or simply prevent your key employees from comingto work.
Real-world example: A water pipe in the ceiling breaks. Water spraysthroughout the office. Eventually, it enters some IT equipment and short-circuits the power supply. Fortunately, the water is quickly shut off, theequipment is dried, and some parts, including the power supply, arereplaced. Everything seems to be fine. Two weeks later, severe mold de-velops. A hazardous condition exists and the office can no longer be used.The IT equipment is relocated to a temporary office location, but theequipment becomes unreliable. Water corrosion inside the PC has dam-aged plugs and prevents the CPU fan from running at full speed. Insuf-ficient cooling of the CPU causes system crashes. This is a good examplehow a single event can cause a series of related disasters—in this case,from a water leak to equipment failure.
8 Contingency Planning and Disaster Recovery
6. Terrorism and sabotageDefinition: We define a terrorist attack as an intentional, systematic,
planned, and organized effort with the goal to cause maximum damagewith resulting publicity. Sabotage is also motivated by calculated intent,but rarely attracts the same level of public attention. Unlike the otherdisaster types, acts of terrorism and sabotage can be the most threaten-ing because they are based on malicious intent, and if the perpetratorshave access to sensitive information about your business, very concen-trated damage can be done with relatively little effort. For terrorists, allmeans are considered just to reach the goal. Hence, the spectrum ofattacks is unusually large, from hostage situations to large bomb explo-sions, and, as we saw on September 11, suicide missions using planes asweapons of mass destruction, causing numbers of human casualties anddestruction of large office buildings. Saboteurs, on the other hand, likethe secrecy of underground activities and work with sophisticated tools.They can attack you from the outside, such as attacks by computer hack-ers, or attempt to infiltrate your organization with computer viruses. Youcan also be threatened from the inside when, for example, a disgruntledsystem administrator sabotages your backup system.
Real-world example: These are rare cases, and unfortunately, it is prac-tically impossible to be fully protected. Terrorist acts are usually publicand can result in the complete destruction of IT equipment assets. Casesof sabotage usually do not reach the public’s attention, nor can it alwaysbe determined if the damage was the result of a highly sophisticated actof sabotage or simply a common equipment failure. Since we do not wantto make suggestions to those with bad intentions, we refer to a real-worldexample from 20 years ago. A company with approximately 40 employ-ees had a so-called mini-computer and a green bar paper printer, bothof which were located in an air-conditioned room. The whole companydepended on this one computer system, and it was simply prohibitive onthe basis of cost to back it up with a second system. However, the operat-ing system was very stable, so typically this was a reliable setup. An em-ployee, possibly by accident, reduced the level of humidity in the air qual-ity control unit, resulting in the buildup of high electrostatic voltage inthe printer paper. The voltage was discharged through the connectionof the computer with the printer, thereby destroying the whole computer.
Each category of disaster we have presented requires a unique formof preparation and emergency response. In developing your businesscontingency plan to protect against these disasters, you should considerthat as you go down the list from human error towards terrorism and
Introduction 9
sabotage, the frequency of the event decreases but the severity of theresulting damage increases. Human error is by far the most commoncause of business disasters on a day-to-day basis. In most cases it is rela-tively simple to protect against this risk and it is possible to recover fromsuch errors with minimal impact to your company’s business. However,an act of terrorism and sabotage would be a rare event for most busi-nesses, but if such an event should occur, it would cause significant dam-age that could critically affect your company’s future. Thus it is impor-tant for the reader to weight the likelihood of occurrence with the risksassociated with each type of disaster in order to create the type of disas-ter contingency plan that best meets your needs.
All managers should review with their employees basic safety prac-tices, such as the means of exit from the worksite in the event of fire.There are various government and local agencies that can assist smallbusinesses with employee safety training. Begin by contacting your localCity Hall, the Occupational Safety and Health Agency (OSHA) and theFederal Emergency Management Agency (FEMA). You should also con-tact your local emergency planning committees, fire departments, policedepartments, emergency medical services organizations, and the RedCross for guidelines to ensure workplace safety.
Since employee safety is so important and fire is such a commonhazard it makes sense to begin by contacting the fire department forinformation on evacuation plans for your building and information toprevent and prepare for fire-related disasters. You should identify themedical facility or hospital nearest your place of work where you can seektreatment in the event of an emergency. Many hospitals provide freesafety training to members of the community, and it is well worth theeffort to complete such a course of instruction. You must periodicallyreview your safety training materials to ensure that they are up to date.Employee training and drills should be practiced on a regular basis. Andmeet your neighbors. A good relationship with other businesses in thecommunity could be mutually beneficial. You could store your backuptapes at one another’s sites, for example.
In the Appendix, we include some basic information about workplacesafety to use as a starting point for employee safety training. For a moredetailed approach to safety training, we refer you to your local hospital,fire department, or local chapter of the Red Cross. They are the experts.Once you have developed a plan for basic workplace safety training, weare ready to begin our discussion of preparing a contingency plan foryour small business.
11
CHAPTER 1
Preparation
The first step in preparing a disaster contingency plan is a rigorous as-sessment of your business. In this chapter we are going to guide youthrough a plan of preparation for your critical IT assets and for a pro-gram of insurance. We want to share with you what we have learned aboutthe need to put in place redundant technology and financial assets soyou can recover more quickly when disaster strikes. We preface this guidewith some questions for you to keep in mind as you work through thissection of the book. The questions that we hope to provoke, and theanswers that only you and your employees can provide, will help you toidentify areas on which to focus in developing your contingency plan.
You must identify the critical business assets that you wish to protect.Now is the perfect time to assess past events that have affected your busi-ness (Have you had prior experience with natural disasters? Is your busi-ness located in a flood zone?) and your business’s current status. Con-sider how you would react to the categories of disasters we have identifiedand take into consideration how your clients and suppliers would beaffected should your business experience a disaster. For example, if yourbusiness operations were temporarily disrupted, would your clients seekalternate sources of the products and services you supply to them? Couldyou mitigate this risk by diversifying your production and operations sites?Would your suppliers have difficulty sending shipments to an alternatebusiness location that you might use on a temporary basis?
Given the existing resources of your small business, define the scopeof the endeavor that you think is reasonable. Define some intermediategoals and estimate the costs of developing your contingency plans rela-
12 Contingency Planning and Disaster Recovery
tive to the potential benefits. You will have to make some assumptions,and you will have to identify some risk factors for your business. Forexample, contingency plans have most often included the provision thatonly one building will be affected in a disastrous event destroying the site,but the attacks on the World Trade Center invalidate this assumption incities with major structures that could be attacked from the air.
You also may have to consider a wider range of disaster-affected ar-eas as you begin to develop your contingency plan. A former colleagueworks in a small business in Lower Manhattan that backed up its datanightly and placed those backup tapes securely in a bank safe deposit box.Unfortunately, that particular bank branch was located in the shoppingconcourse of the World Trade Center. I (Donna) used to bring backupCDs home with me when my contingency plans contemplated worst-casedisaster scenarios such as a fire destroying my office building. I had notcontemplated a scenario that would simultaneously affect both my homeand my place of work. I have since revised my contingency plan for re-covering electronic data.
Developing your contingency plan should not become a large bu-reaucratic effort. Indeed, to be effective, your small business’s contin-gency plans should be a model of clarity, understood by every memberof the company. It begins with key management leaders and includes allof the employees, because in a disaster situation every person who isknowledgeable and prepared can make a critical difference to a success-ful outcome. Employee training is key, because each person must under-stand the importance and necessity of contingency planning and re-sponse to a disaster and know what his or her role will be. In a realemergency you cannot afford to delay your response because roles hadnot been clearly defined. Indeed, we would like to suggest to you that inorder to build employee consensus about the need for contingency plan-ning, you educate your employees and encourage them to develop theirown personal and family contingency plans. Such an effort will likely yieldextraordinary dividends—small businesses are often wonderful places towork in part because we are like families, not large, impersonal bureau-cracies. The sincere care and concern you show for your employees willresult in higher productivity.
To illustrate our point, we would like to share with you three real andpainful stories of families that suffered in disasters. These are examplesof suffering that could have been alleviated had the families done somepersonal contingency or disaster planning. The first concerns a friend
Preparation 13
who suffered a head injury from the force of falling debris in a burningbuilding. His relatives almost certainly saw the disaster reported on thelocal television news. Imagine the mental torture they suffered as theyworried about what had happened to him. If he had maintained an “Incase of emergency . . .” card in his wallet, medical staff who treated himcould have contacted his relatives and informed them of his status. Untilhe was able to communicate himself (he was heavily sedated followingmajor surgery), his relatives were left to frantically call his apartment inthe hope that he would answer or return the messages that they had lefton his answering machine. We both have nurses in our families, and eachof us has a laminated card in our wallets advising whom to contact onour behalf in the event of an emergency. We provide secondary contactsin the event our first contact cannot be reached. We also recommend thatyou verify this information annually because people do move, changeemployers, and so forth, and outdated information is of little use.
Let us give you a second example. I (Donna) was told the followingstory by a neighbor. We have a neighbor who worked in the World TradeCenter and has not been seen since September 11. She is presumed tobe dead. Her father came to New York City to inquire if anyone had seenher and showed photographs of her to the other tenants of the build-ing. This lady had day-care arrangements for her child, but no one, in-cluding the child’s grandfather, knew what they were. Presumably, theday-care provider had been given an emergency contact person, butimagine the anxiety that the child’s grandfather suffered that might havebeen mitigated if he had been made aware of the child-care arrangementsand knew how to directly contact the day-care provider.
Finally, I want to share with you a personal example that had a hap-pier ending. My (Donna’s) mother suffered a traumatic head injury thatrequired extensive medical intervention. My parents, as part of theircontingency planning, had prepared advance health-care directives anddurable powers of attorney in the event that one or both of them shouldbecome incapacitated. I was able to sign consent forms authorizing theforms of treatment that were consistent with her wishes. (I’m happy toreport that she is alive and well.)
Most people generally don’t give such thought to these matters. Weare not by nature ghoulish, but we each have nurses in our families andmy (Donna’s) grandfather was a firefighter, so we probably have a greaterawareness of the incidence of disasters. We don’t intend that our lovedones should suffer needless worry about us and you shouldn’t either, and
14 Contingency Planning and Disaster Recovery
neither should your employees. Encourage your employees to bring themethodology of contingency planning and disaster recovery home withthem. Make them aware of the first aid classes that are offered by the RedCross. Ask them if they can remember when they last replaced the bat-teries in their smoke alarms at home. It is hard to concentrate on thebusiness task at hand if you or your employees are worried about thesafety of your families. If your son was missing following a disaster, howproductive would you have been at work during the period that he wasunable to call you and the medical staff treating him had no family con-tact information? Make careful planning a way of life and of business foreveryone in your extended small business family.
You will also discover that you should do some general process engi-neering on how your company works. If your business has clear lines ofresponsibility, defined processes that are established and followed, anddocuments that are properly filed, you will likely be successful in estab-lishing a good disaster recovery scheme. If your normal business day ischaracterized by managing the crisis du jour in an atmosphere of con-fusion, you will likely have difficulty implementing a disaster recoveryplan.
Many companies that we visited were actually not ready to implementdisaster recovery solutions. Many of them had gone through so manycomputer and system upgrades, using many different “bundled” appli-cations, that they were faced with not only a wide collection of similarlynamed documents in various locations, but they also had documents thatcould not be assigned to any former activity because it was no longerpossible to read them without going through a major deciphering effort.This is much more an issue for small businesses, because large businessesusually have standardized roll-out IT platforms and consolidated userdata storage.
Now you understand why any contingency planning effort must beconducted in concert with a major review of your business, not only toidentify the critical assets that you need to protect, but also to identifyand organize all related items. As you can imagine, although it will betime-consuming at first, your small business will benefit as a result.
Once you have reviewed your business operations, you will be readyto order your priorities and select the areas on which to focus. Some ofthese areas you may consider because they are located in offices thatappear to be at high risk. You may consider other offices as candidatesfor a contingency provision with a remote backup site. An alternate
Preparation 15
business site is needed if your original site is out of service or inacces-sible. An excellent solution for small businesses with multiple sites ofoperations is to share disaster contingency space distributed over all ofyour offices or other facilities. So if one business location goes down, theother locations would provide space and IT services for some key employ-ees. You could also consider integrating a telecommuting setup in yourtemporary disaster recovery provisions whereby key employees wouldwork from home using services provided from an off-site IT setup.
Once you have developed a thorough plan, you must be preparedto revisit it regularly and revise it, if necessary. Take the opportunity toschedule a disaster shutdown of your company’s operations, for example,on the weekend following a regularly scheduled fire drill. Once yourbackup location is ready, you should regularly update and train your keystaff on disaster mode operation. As your small business grows, your needswill change and you will need to adapt your disaster contingency planaccordingly. We also advise you to prepare an inventory of your property,plant, and equipment.
For IT assets you need to keep a record of:
Hardware assets: manufacturer, model name and number, quantity, se-rial numbers, service tags/configuration code, maintenance dates,support phone, location, and replacement cost.
Software assets: manufacturer, title, version, quantity, serial number/li-cense key, support phone, location, and replacement cost.
IT staff/human capital: employee’s name, position, telephone (work,home, mobile), and responsibility during disaster.
System data assets: system name, operating system, location, if backupunit available and where, backup frequency, and person responsible.
User data: system name, operating system, location, if backup unit avail-able, location, backup frequency, and person responsible.
Third party: service name, provider name, and phone (support desk,emergency number).
Printers, network, and other peripherals: manufacturer, model name andnumber, serial number, maintenance dates, phone (support desk,emergency number), and replacement cost.
This information will be important in your recovery efforts as youneed to know which equipment (and which personnel) can be rede-ployed and which assets your insurance policy may replace. Now that we
16 Contingency Planning and Disaster Recovery
have completed our “preparation” overview, we are ready to “drill down”to specific areas on which to focus in developing your contingency plan.In this chapter, we discuss topics such as proper handling of office mail,developing an IT infrastructure, and putting together an insurance pro-gram. Before we delve into the specifics, however, we would like to con-clude this section with two thoughts.
First, notice that this chapter (Preparation) is longer than the follow-ing two chapters (“Response” and “Recovery”). We didn’t plan it that way,but we noticed that was the result when we completed our manuscript.That should be the result: planning is the most important activity you willundertake. Risk management and disaster recovery specialists have anexpression: “To fail to plan is to plan to fail.” The time and effort youinvest in preparation will expedite your recovery from disaster.
The second point we would like to emphasize is that because success-ful contingency planning is closely connected with a thorough under-standing of your business operations, contingency planning almost alwaysyields benefits to your business—even if disaster never strikes. I (Donna)know a small financial services company that began to consider how itwould treat mail delivery following the anthrax scare in the fall of 2001.As the company began to review its existing procedures for handling mail,it discovered something shocking: it was spending $9,000 annually to sendinteroffice documents by overnight express delivery, when an electronicdocument delivery system would have done the same work at negligiblecost. Now, $9,000 is a lot of money to a small business, and we are cer-tain that any small business owner can think of better ways to invest thatsum. In the process of developing a contingency plan, this small businessimproved its operating procedures and has realized a return on the timeand effort invested in contingency planning—even though disaster has,thankfully, not struck. Your small business can, too. With that point inmind, let’s consider a contingency plan for proper handling of businessmail.
BUSINESS MAIL PROCEDURES
Since letters tainted with the deadly bacteria anthrax were deliveredthrough the U.S. Postal Service beginning in early October 2001, con-cern about the safety of our mail has prompted many businesses to re-consider their procedures for handling incoming mail. Public healthauthorities have confirmed 18 anthrax infections to date, including 5
Preparation 17
fatalities. Five individuals in Florida; the Washington, DC, area; New York;and Connecticut died from inhaling anthrax spores contained in letters.Two of the victims, women in New York and Connecticut, appear to havecontracted inhalational anthrax via cross-contaminated mail. We wouldlike to remind our readers that the chance of contracting anthrax fromcross-contaminated mail, according to Dr. Jeffrey Koplan, director of theCenters for Disease Control and Prevention (CDC), is “very low; the mailis, by and large, very safe.”
Nevertheless, the incidents of anthrax infection by mail delivery havecaused fear and anxiety in many workers who must handle postal mail.We believe that better information about the risks, as well as sensiblepractices for handling the mail, will alleviate much of the anxiety. In thischapter we present some basic information about what anthrax is, howit is transmitted, and how anthrax infections may be treated. We thenpresent some suggestions for more efficient mail handling to reduce theflow of unnecessary mail and procedures for handling mail delivered tothe office.
Background Information about Anthrax
Anthrax is an acute infectious disease caused by the spore-forming bac-terium Bacillus anthracis. Anthrax most commonly occurs in animal live-stock, such as cattle, sheep, and goats, and as such is most common inagricultural regions, such as South and Central America, Southern andEastern Europe, Asia, Africa, the Caribbean, and the Middle East. Hu-man exposure to anthrax usually occurs by occupational exposure toinfected animals or their products. Transmission of anthrax to humansoccurs in one of three ways:
• Cutaneous (through the skin) exposure. B. anthracis bacteria sporescan live in the soil for many years, and humans can be infectedwith anthrax by touching anthrax spores from infected animals.
• Inhalational exposure. Exposure may occur by inhaling anthraxspores from contaminated animal products.
• Gastrointestinal exposure. Exposure to anthrax may occur byconsuming undercooked meat from infected animals.
It is rare to find anthrax-infected animals in the developed world.Anthrax is more common in developing countries that lack established
18 Contingency Planning and Disaster Recovery
veterinary health programs. The 18 incidents of anthrax that occurredin the United States from October 2001 were cases of exposure toweaponized anthrax, or very fine, aerosolized anthrax spores producedas potential agents in biological warfare. Hundreds of thousands of fineanthrax spores were placed in envelopes and mailed through the postto congressional leaders and individuals in broadcast media. The inves-tigation to date suggests that the anthrax-tainted letters may have allpassed through two post offices.
Symptoms of anthrax infection generally appear within seven daysof exposure. The symptoms vary with the means of exposure:
• Cutaneous exposure. When the skin comes into contact with an-thrax spores, the affected area initially resembles an insect bite andwithin one or two days of infection, an ulcerated lesion developson the skin. The lesion typically has necrotic (dying black) cellsin its center. Swelling may occur in the lymph glands adjacent tothe affected area. With antibiotic treatment, fatalities are rare incases of cutaneous anthrax exposure. About one in five untreatedcases results in death.
• Inhalational exposure. Following inhalation of anthrax spores,symptoms similar to those of an ordinary cold may develop. Withinseveral days of exposure, the symptoms include severe breathingproblems, possible chest constriction, and shock. Inhalationalexposure to anthrax is almost always fatal, unless postexposureantibiotic treatment is initiated.
• Gastrointestinal exposure. Following ingestion of anthrax-con-taminated food, the symptoms of exposure may be similar to thoseof inflammatory bowel disease: acute inflammation of the gas-trointestinal tract (from the mouth to the esophagus to the stom-ach and to the large and small intestines). The initial symptomsinclude loss of appetite, nausea, vomiting, and fever. In the hoursand days following exposure to anthrax, more serious symptomsdevelop: severe abdominal pain and diarrhea, possible bloodydiarrhea, and vomiting. One-fourth to one-half of cases of gas-trointestinal exposure to anthrax result in death.
Anthrax is not contagious; that is, it cannot be transmitted from in-fected person to person. The U.S. Food and Drug Administration hasstated that there is no known case of anthrax infection from blood do-nors who may have been exposed to anthrax but were in good health.
Preparation 19
Standard blood collection procedures screen for donors with symptomsof illness that would suggest anthrax infection.
Diagnosis of anthrax infection is made by isolating the B. anthracisbacteria from the blood, skin lesions, or nasal secretions. The treatmentfor anthrax infection is a 60-day course of oral antibiotics, such as Cipro®.Anthrax infection can be prevented by vaccination. However, the CDCdoes not recommend vaccination, except for those individuals who workdirectly with anthrax in research laboratories, those who work with im-ported animal products without adequate protection against contact withspores, those who handle possibly infected animal products in develop-ing areas of the world, and military personnel who may be exposed toanthrax as an agent of biological warfare.
The CDC also advises against prophylactic antibiotic treatment; thatis, taking unnecessary antibiotics in the absence of a confirmed anthraxexposure. Frivolous use of antibiotics reduces the effectiveness of thetreatment. The CDC has announced that, in the event of a mass expo-sure to anthrax, the federal government has in place a plan to delivermass quantities of antibiotics to the affected communities within 12 hoursof the reported exposure. While public health officials advise againstunnecessary vaccines and antibiotics, we advise against processing unnec-essary mail.
Reducing Unnecessary Mail
Reducing the volume of mail to your business site reduces the volumeof letters and packages that must be screened by your mailroom. But,quite apart from concerns about mail safety, there are other pragmaticreasons for filtering unnecessary mail to your business site. If you oftenfeel overwhelmed by the volume of messages reaching you, you are notalone. The Institute for the Future reported that 71% of the workers theysurveyed felt stressed by the amount of information they receive each day:on average, 200 messages per day. Sixty percent of workers surveyedreported feeling “overwhelmed” by so-called “info-stress.”1 As a memberof the small business community, your resources and your time are pre-cious. Filtering out unnecessary messages frees your time for other, moreproductive work. I (Donna) remember receiving a deluge of mail solici-tations (and telephone calls) after registering my business with the countyclerk’s office. The volume was excessive, and I resented the unwantedintrusions. Several of the solicitations related to fraudulent copier sup-
20 Contingency Planning and Disaster Recovery
ply schemes, which I reported to the State Attorney General’s office. Thedeluge resumed when I obtained telephone service for our business. Ifind it particularly irksome to return from a business trip and waste timesorting through junk mail.
Actions that you take in the ordinary course of work can invite junkmail to your business. These include completing warranty cards for youroffice equipment; subscribing to newspapers, magazines, or professionaljournals; filing a change of address form with the post office; listing yourbusiness telephone number; or ordering products via the mail or theInternet. We don’t wish to exaggerate the risk: none of the reportedincidents of anthrax exposure that occurred following the terrorist at-tacks of September 11 involved mail solicitations from direct responsemarketers. However, because such marketers seek to avoid having theirsolicitations discarded before being read, they often disguise the originof their letters, thereby increasing the mail you may have to treat as sus-picious. Our recommendation is that you filter it out as best you can.
The first step is to contact your local direct marketing association.Send a letter to the local direct marketing association indicating that youdo not wish to receive any direct mail from its members. In the UnitedStates, write to:
Mail Preference ServiceDirect Marketing AssociationP.O. Box 9008Farmingdale, NY 11735-9008
In Canada, the address is:
Mail Preference ServiceDirect Marketing Association of Canada1 Concord Gate, Suite 607Don Mills, OntarioM3C 3N6
In the United Kingdom, write to:
Mail Preference Service1 Leeward House Plantation WharfLondon SW11 3TYEngland
Preparation 21
You also may write to these same addresses and address your inquiryto their telephone preference service and request that your businesstelephone numbers be removed from their telemarketers’ lists. Be cer-tain to include your business name and addresses of all of your officesor facilities in your letter. As previously stated, none of the incidents ofanthrax exposure following the September 11 terrorist attacks were re-lated to direct mail solicitation efforts. However, in our experience, di-rect marketers often conceal or disguise their addresses in an effort topersuade you to open a solicitation that you might otherwise discard. Wealso have observed that many direct marketers include free gifts in theirmailings, such as free personalized pens, notepads, and other inexpen-sive items. These gifts increase the bulk of the mailings and may appearas “suspicious” mailings.
The next step is to write to the major sellers of mailing lists. Theseagencies collect data, such as business names and addresses, and re-sellthem, over and over again, to their clients. We recommend that you writea letter, include your business name and address(es), and ask to be re-moved from their databases. The four largest database vendors to whomyou should write are:
Metromail R.L. Polk & CompanyList Maintenance List Compilation901 West Bond 6400 Monroe BoulevardLincoln, NE 68521 Taylor, MI 48180-1814
Database America Donnelly Marketing Inc.Compilation Department Database Operations100 Paragon Drive 1235 North AvenueMontvale, NJ 07645-4591 Nevada, IA 50201-1419
One ancillary benefit of having your business removed from themarketing databases is the reduced embarrassment of inappropriate mailbeing sent to you at your place of work. I (Donna) will never understandwhy one well-known company sent me lingerie catalogs at the office,having obtained my business address from a marketing database! Howmany women owners of small businesses wish to receive such catalogs atthe office in the presence of their clients and employees?
The next step to reducing unnecessary mail is to write to each of themajor credit bureaus and advise them of your wish not to be contacted.You may need to include your taxpayer identification number in your
22 Contingency Planning and Disaster Recovery
letter for your business to be identified and removed from active data lists.Call the bureau in advance of writing your letter to determine their cur-rent procedures. The three major credit bureaus are:
EquifaxP.O. Box 105873Atlanta, Georgia 30348Telephone (800) 685-1111
TRWP.O. Box 949Allen, Texas 75002-0949Telephone (800) 422-4879
Trans UnionP.O. Box 390Springfield, Pennsylvania 19064-0393Telephone (800) 521-4019
Finally, you should contact each of the companies with which you dobusiness and advise them not to sell or rent your business name or ad-dress. We have written to the publishers of each of the trade journals towhich my company subscribes and requested that they not make ourname and address available to other parties. This has decreased the vol-ume of our unnecessary mail dramatically. You must be vigilant becausethis is an ongoing process. When you, or any of your employees, com-plete a warranty card or order a product through the mail, you must becertain to include a note advising the vendor not to sell or distribute yourname and address. These steps should reduce the volume of mail to yourplace of business.
As a small business owner or employee, you may face the oppositeproblem: how do you ensure that your direct mailings to potential cus-tomers are not ignored? In the year 2000, $528 billion worth of sales weremade through mail order in the United States alone. The anxiety thatresulted from the delivery of anthrax-laden letters may cause the simpleact of opening an envelope to provoke fear. You can take the followingsteps to assure the recipients of your mailings that your letters are secure:
• Identify your business as the source of the mailing. Be certain toidentify your business through the return address. Present a pro-
Preparation 23
fessional appearance with appropriate typeface on your mailings.Include your company logo on the envelope.
• Consider using a postal meter to stamp your mailings. In additionto saving you unnecessary trips to the post office, and the occasionto overpay your postal charges, metered mail is more likely to beopened and reviewed than stamped mail. This is because meteredmail is more easily traced and therefore less likely to be used todeliver tainted mail.
• Eliminate anything from your mailings that could produce bulkor an uneven appearance. A flat letter is less likely to arouse sus-picion in the recipient than an uneven, bulky envelope.
• Use clear window envelopes showing the recipient’s address. Atransparent envelope is less likely to contain an unwanted sub-stance. Or you may use postcards to contact potential customers.You also may choose to notify potential customers by advancepostcard that a product sample is coming, for example, so that theyexpect a bulky package from you.
• You may wish to apply a seal across your envelope flaps to assurethe recipient that the envelope has not been tampered with sinceit left your place of business.
Finally, to protect the reputation of your business, ensure that youroutgoing mail facility is secure. Conduct careful preemployment refer-ence and criminal background checks to ensure that those who join yourcompany will be of good character and not likely to misuse yourcompany’s mail facilities. Make certain that only your employees haveaccess to your mailroom. We visited the offices of a Manhattan law firmthat propped open the door to its mailroom after hours because thepersonnel who received courier packages at all hours of the evening didnot wish to miss a delivery whenever they stepped away! The mailroomopened onto a public corridor near the elevator bank of a large WallStreet office building. Don’t do this. Be certain that your business facili-ties are secure.
Handling Incoming Mail
Make certain that you and your employees are alert for suspicious pack-ages and letters delivered to your place of business. The U.S. Postal Ser-vice advises us that suspicious mail includes mail that:
24 Contingency Planning and Disaster Recovery
• Displays a powdery substance.• Is unexpected or sent by someone who is not known to you.• Has incorrect postage, a handwritten or inaccurately typed ad-
dress, incorrect titles or a business title without a name, or misspell-ings of common words.
• Is addressed to someone who is no longer with your company oris otherwise out of date.
• Has an unusual amount of tape sealing the mailing.• Gives off an unusual odor or displays stains.• Has no return address or one that cannot be verified as legitimate.• Is of an unusual weight or shape, possibly lopsided.• Is marked with restrictive endorsements, such as “personal” or
“confidential.”
Do not open, shake, or empty the contents of any suspicious enve-lope or package. Contain the suspicious piece of mail by placing it in acontainer, such as a plastic bag, to prevent its contents from leaking.Leave the area where the suspicious mail is contained and advise others,perhaps by posting a sign, not to enter the area. Next, wash your handswith soap and water to prevent spreading any noxious substances to yourface. Be careful not to rub your eyes or touch your skin until after youhave washed your hands. Contact the police and your building securityteam and advise them of the suspicious package for their further inves-tigation. Give the police the names of the other people who were presentwhen you came into contact with the suspicious mail. Should the mailbe tainted with anthrax, all individuals in the area when the mail wasdelivered will likely have to be tested for inhalational exposure to anthrax.
The procedure we have just described was the one followed by aidesto Senator Patrick Leahy when a suspicious letter was delivered to thesenator’s office. The envelope was contained and then removed from thesenator’s office to a government laboratory where it was opened, and thecontents tested. This is the procedure that you should follow in the eventthat a suspicious piece of mail is delivered to your place of business. Becertain that all of your staff are instructed in the identification and re-sponse to suspicious mail.
If a piece of mail escapes your screening procedures and you openit, what should you do if the mail contains powder? The first responseis: do not panic. The powder need not be anthrax. Unfortunately, follow-
Preparation 25
ing the events of September 11, the occasional prankster has sent babypowder in the mail to provoke fear and anxiety in the recipient. We cantell you from our personal experience that we were evacuated from a NewYork City subway when a powdered substance was found in the subwaystation. The powder was, thankfully, not anthrax.
Once you have collected yourself, do not attempt to clean up thepowder. Immediately contain the spilled contents with any available cov-ers, such as a waste basket, or paper, or a piece of clothing and turn offany fans or ventilation units in the area. The idea is to limit the amountof powder that can become airborne. Leave the area where the powderis contained and advise others not to enter the area. Wash your handswith soap and water, again exercising care not to touch your skin or rubyour eyes. Immediately contact the police and your building securityteam. Remove any contaminated items (such as your clothing and itemson the desk where the mail was opened) and place them in a sealedplastic bag. This bag should be given to emergency personnel for propertesting and subsequent disposal. Shower with soap and water and remem-ber to give the names of those individuals who were present when thepowder was released from the mail. Should the powder be identified asanthrax, those individuals will likely have to be tested for anthrax expo-sure.
I (Donna) worked at an investment bank where all incoming mailwas subject to x-ray screening. We recently read that post offices thatdeliver mail to government offices are also irradiating their mail. Suchcostly technology is likely beyond the reach of most small businesses, buttechnological innovation has made other screening techniques feasible.Many companies now offer electronic document delivery. These busi-nesses accept and open your mail (with many customers for whom toscreen mail, it is presumably cost-effective for them to irradiate the mail)and then electronically scan your mail. Junk mail is discarded. All othermail is delivered to you electronically—you never touch the mail!
Stefan used this type of service long before anthrax-tainted letterswere delivered to victims in the fall of 2001. Because he travels to Europefrequently, he finds it convenient to have access to his mail while on theroad. It also helps him to pay his bills online, so bill payments are notdelayed until his return, and his credit rating remains unblemished. Youcan find companies offering such services through the search engineson the Internet.
26 Contingency Planning and Disaster Recovery
Internal Communication
Ongoing communication within your small business is vital. You muststrike a balance between calming fears and staving off complacency. Asthe weeks and months pass, and the anthrax attacks of the fall of 2001recede into the past, complacency will inevitably creep in. Staff maybecome less vigilant about mail security. Ongoing communication isessential to ensure the safety of your staff. Make certain that your staffunderstands proper mail handling procedures and provide periodicreminders. The most important aspect of communicating the properprocedures for handling mail is to address any fear and anxiety that maylinger about anthrax infection.
IT INFRASTRUCTURE
I (Stefan) am experienced in managing large-scale projects, such as evalu-ating the IT strategies of global companies. But I also work with smallbusiness owners and individual professionals to develop their IT solu-tions. Small business owners often are apologetic about the nature oftheir problems, as if the work they present is not as prestigious or chal-lenging as working with large global corporations. Actually, I enjoy work-ing with small businesses because they are dedicated to their work andappreciative of some straightforward advice on how to grow their busi-nesses without exhausting their limited IT budgets. It is gratifying tocontribute to the realization of the dreams of small business owners andemployees. It also presents its own unique challenges: how do you solvethe problems at hand when you don’t have the deep pockets of a largecorporation to build and maintain your IT infrastructure? I find that thiswork gives me the opportunity to learn and to readjust my perspective,which is occasionally distracted when focusing on high-level corporateissues.
My first meeting with the president of a corporation or the owner ofa small business usually starts with a casual conversation about the cur-rent state of IT technology. At today’s pace of development, there is al-ways something new to talk about. But when they start to tell me theirstories, they express elements of frustration when they report to me that“we have spent thousands of dollars on our IT infrastructure, but when
Preparation 27
I recently wanted to do . . ., it was tremendously difficult and I was justwondering if it has to be like that. That’s why we want an independentassessment from you.” When I hear such comments (and I frequently do),I know that something has gone terribly wrong between the business-people and the IT team.
Most businesses have an in-house IT staff or a relationship with anexternal consultant that has built their systems, and of course, such re-lationships are valuable and it is not in the interest of a small business toabandon such relationships in frustration. The IT team that built yoursystem knows the overall system in detail and has made decisions basedon the specifications that your business had provided to them. They mayhave been instructed to implement a certain feature “exactly this way.”Should you terminate this relationship in haste and replace your exist-ing team with a new IT solutions provider, you will incur additional costsand you will likely once again be disappointed with the results. Remem-ber the expression from the movie Cool Hand Luke: “what we have hereis a failure to communicate.” It can be very frustrating for technologicallysavvy IT professionals to try to implement a systems solution at the di-rection of businesspeople who really don’t understand the technicalconstraints or the inherent contradictions or unreasonableness in whatthey are asking. At the same time, it is disappointing for businesspeopleto invest significant sums of capital in IT capacity and find that the re-sult is not what they had anticipated. In such situations as these, what youneed to do is to make sensible and yet powerful changes that will bewelcomed as improvements without embarrassing or blaming the exist-ing IT members for their decisions.
In conversations with small business owners, I often start talkingabout contingency preparations, and they respond with blank stares andtell me that this is not of immediate concern, and anyway, they are alreadywell protected because they just bought this fancy network storage backupunit, or else they hired the same consultant that did the backup systemfor large corporation XYZ. But as I continue to examine their needs withmy persistent questioning, they begin to understand my perspective. Ibelieve that a good IT solution provides contingent capacity, is simple,and is easy to operate. Creating or reviewing for contingency includesanalyzing the current infrastructure, determining how the system is used,understanding current and future needs from a high-level perspective,and observing if those needs are met and if they will be met in the fu-
28 Contingency Planning and Disaster Recovery
ture. The exercise of developing a contingency plan opens the door fora productive dialogue with your IT staff, as well as with your customers,suppliers, and business partners, who should all be a part of your con-tingency efforts. The result of this dialogue will be, I hope, a simplifiedand streamlined technical architecture that leads to better, more cost-effective solutions, and additional contingent capacity. This is a far moreeffective solution to your business than mindlessly importing the solu-tion developed for large corporation XYZ. Generally, the solution thatwas developed for a large corporation and then scaled down for use bya small business fails to yield the desired results.
Small business requirements for IT contingency and IT solu-tions differ substantially from those of large businesses. Weoften see good solutions that have been developed at large
customers simply downsized and implemented in small businesses.But they are in most cases not cost-effective, not sufficiently flex-ible, and not easy to use in your day-to-day operations. And I am sorryto report that should you find your small business in disaster recov-ery mode, the system you imported that was originally developed foruse by a large corporation will become an impediment to your recov-ery efforts. The good news is that you can learn from the mistakesof other small businesses that attempted to import solutions thatwere inappropriate for their needs, and develop your own, much sim-pler solution, at greatly reduced expense.
In developing a disaster recovery plan, businesses often put in placeIT systems that anticipate and prepare for the worst-case scenarios, suchas the total destruction of their business facilities, and assume that all lesssevere disasters are subsumed and automatically protected by the stepstaken to protect against the worst-case scenario. In fact, I have read suchadvice in a number of general books about disaster recovery! This as-sumption generally holds true, but it should not be the basis of yourcontingency planning. Do you intend to initiate a full-blown disasterrecovery action plan each time you experience a small deviation in nor-mal operations? Do you think that is a cost-effective way to run youroperations? In fact, it is much more sensible for small businesses to havea good solution implemented that deals efficiently with the most com-
Preparation 29
mon “small” disaster types, such as human error, and therefore providesa swift recovery. Of course, you also want to have some protection in placeagainst the worst-case scenarios, such as a severe terrorism attack, but itis unlikely that most of the readers of this book will ever be required toimplement such recovery operations. Small businesses typically need amodest, cost-sensitive solution that deals with their specific daily opera-tions issues, which typically means developing a solution that providesfor immediate recovery from modest disasters, even at the expense ofslightly extending the period of recovery from severe disasters.
This, of course, is a different approach than the one advocated bylarge-scale corporations. They need good solutions to protect themselvesagainst severe disasters, such as terrorist attacks. In the case of such di-sasters, their very existence is at stake. Imagine the situation facing theIT teams of the large money-center banks in Manhattan on September11, 2001. They have an enormous volume of financial transactions toprocess, so fast recovery from severe disasters is mandatory for them. Youwon’t be surprised to learn that within five minutes, I could walk frommy apartment to the backup facilities in Jersey City that were hummingon September 11, taking over the responsibility of processing bankingtransactions from their Manhattan-based colleagues. At the same time,however, these large corporations don’t expend much effort worryingabout protecting against human errors, such as the mistaken deletion ofa computer file. Should such human errors begin to interfere with theiroperations, they can simply correct the problem by mobilizing the man-power of their vast IT departments.
To find out what you as a small business really need to feel comfort-able, and to make IT infrastructure a cornerstone of your business, youshould start with finding good answers to the questions related to pro-tect yourself against the six IT disaster types we presented in the Intro-duction. The following are some sample questions; you will probably haveto add your own questions to this outline:
Human error: How do your employees store their data? Is a standardnaming scheme in place? Do you have in place version control fordocuments? How do you share data between groups? How much doyou want to invest in user training versus protecting data throughmore technology expense? How quickly must lost data be restored?
Equipment failure: Which are your most critical systems? What perfor-
30 Contingency Planning and Disaster Recovery
mance do you require from each system? What are acceptable down-times to your business in case of malfunctions? Which infrastructureelements need special protection? Do you have a dedicated budgetfor spare parts and equipment replacements?
Third-party failure: How essential is e-mail (and thus reliable Internetconnectivity) to your business? How long could you work withoutyour phone? How often do you expect power outages and how longwould the outages be?
Environmental hazards: Did you check your offices for environmentaltoxins? Is your lighting system compatible with your computerscreens? How did you prepare for office safety against contaminationby hazardous materials? Which systems must be available remotelyif you were to leave the office right now?
Fire and other disasters: Do you have backups at a safe remote location?Do you have special equipment to detect fires and to automaticallyshut down your equipment? Is your staff aware of the emergencyshutdown operations? Do you have fire protection containers forimportant or valuable items?
Terrorism and sabotage: What is your emergency plan? Will it ensuresafety of your trade secrets? Are you secured against a targeted hackeror virus attack? How do you protect your business from any dis-gruntled former employees?
These are just a few sample questions to guide you in developing alonger checklist that is suitable for your own unique business needs.These are the questions you should ask yourself. Did you find some thatcaught your attention? Are you beginning to think about answers to thesequestions? As you continue to read, we will ask more questions, and evenanswer some of them.
The process of asking questions is often an eye-opening exercise formany small businesses. You will realize against which types of disasters youhave adequate protection and against which ones you have inadequateprotection. As you work through this exercise, you begin to see how yourbusiness processes and critical tasks are connected to your IT infrastruc-ture, and how you can achieve a better link between critical tasks andinformation systems. You will be able to view your IT infrastructure withmore confidence, advising your IT staff or consultants to targeted actionsto improve specific processes and to respond in anticipation of certainscenarios.
Preparation 31
Human Errors
Human error is, by far, the most common and most frequent cause ofbusiness disasters. By definition, human errors are unintentional, andbecause they occur randomly, we hope that the overall impact on yourbusiness operations will be negligible. Each of us has had the experienceof developing a new document by revising an older document or by usinga template. When we finish our work, we hit the “save” button, and im-mediately realize that we have just written over with new text an olddocument that we will need again in the future. The same is true whenwe reorganize our files to reduce the clutter we made in the last monthand unintentionally delete a whole folder of important documents.
Unfortunately, there is no single simple solution. We have to expectthat human errors will be made, and we must be able to protect ourbusinesses from ourselves to the extent possible. I (Stefan) often noticethat managers hope that their employees will be careful with importantfiles, and when they inadvertently delete a file, they hope a backup fileexists. I usually suggest keeping track of these events. If you do so, youwill begin to realize that these errors occur with greater frequency thanyou thought. A CD burner is enthusiastically used for backing up dataand then forgotten after a few weeks have passed. And the correctiveaction taken is most often less than satisfactory. In fact, we frequently haveobserved that the loss of a file is either not even realized or simply neverreported, until someone runs nervously through the company asking ifanyone still has a copy of a particular file. By that time, it is usually muchtoo late to recover this file from backup systems and it would requiremore time to retrieve the deleted file than to create a new one. IT man-agers often have businesspeople making requests of them such as “Couldyou see if we still have a backup file of the presentation we gave to ourmost important client last year? I don’t remember the name of the docu-ment, but I wrote it in the first quarter of the year.” This is not an effi-cient use of anyone’s time, and as a small business owner or manager youknow that experienced IT professionals are too expensive to be used inthis manner and you have too many other important tasks for them.
Small businesses need a solution that is a combination of usertraining and a backup mechanism from which users themselvescan recover unintentionally deleted files. It helps both the users
and the IT staff because the users no longer have to request the IT
32 Contingency Planning and Disaster Recovery
staff to recover files for them, which can be needlessly time-consum-ing. And as a small business owner, you do not need to hire someoneto operate the backup system in the event your staff needs to re-trieve files.
User Training
It took me (Stefan) some time to develop a system for archiving my filesthat works for my business and allows me to recover work that was doneyears ago. I have about 10,000 files compressed into three gigabytes ofdata. I am sure you can appreciate the volume of documents and filesthat a small business creates, so you understand the importance of re-trieving your data. The future of your business depends on the qualityof its information resources and the timely availability of any data needed.
Now imagine you have hired a new employee. Unless you have someguidelines in place, how do you expect this new person to store docu-ments in a way that another employee can easily retrieve two years later?Training your new and, if necessary, your current employees will not justsimply be a computer training exercise, but it will also raise the aware-ness of how your employees should support the contingency plan. Werecommend that you provide at least some instructions to your staff on:
• Storing data on your computer system (and how not to store data).• Sharing data among work groups.• Naming files in progress and naming of files for archival purposes.• Using version control for documents.• Creating logical links, for example, hyperlinks, between docu-
ments.• Archiving files and initiating immediate snapshot backups.• Retrieving files from your backup system.• Shutting down your computer system safely.• Deleting files.
This project will require an investment of time, and therefore it hasa cost associated with it. But once you adopt agreed-upon practices fordata handling, they will soon become standard procedure and your ex-isting staff will cross-train new employees. I am certain that after a fewmonths you will realize the benefits of establishing these procedures.
Preparation 33
When I (Stefan) advised Donna on how to establish such a system, shereported within two months that her business spent less time retrieving,changing, and filing documents. It was particularly helpful for her busi-ness, because she works with overseas clients. Differences in languagesand practices can result in some creative document naming (and somehair-pulling exercises trying to imagine which keyword would help tolocate a document when the author of the document speaks a differentlanguage!). Once you adopt these practices, your business will be ableto easily identify inconsistencies and correct them much more quickly.Group collaboration will become much easier. Isn’t that what your smallbusiness is all about—bringing people together to accomplish a sharedgoal?
Data Backups: Part 1
You have data that must be stored safely. Most of it is mission critical. Thetypes of digital information may range from the product documentationcreated by your employees to the details of key customer accounts, busi-ness contacts lists, sales databases, and e-mail correspondences, just toname a few. For yours as well as for many other companies the competi-tive advantage resides in these information assets and the trained staffwho can work with them. But these staff are the very same people whomake mistakes from time to time. User training can do only so much.User errors will continue to happen.
Making data backups regularly is your second line of defense afteryou have trained your users. But these are not the type of complete sys-tem backups that are made as a precaution to equipment failure. Thosewe will discuss later. The backups that are needed here must address theneeds of the users, and therefore must be done more frequently andinitiated by users themselves. Restoration also must be simple and quick.As a small business, you cannot afford long downtimes or call an IT spe-cialist for retrieval of your files when an important file has been mistak-enly altered or deleted. Just the fact that it was important indicates thatit is most likely used and modified frequently.
Tapes as a backup medium are impractical for this purpose becausethey store data sequentially, meaning data cannot be accessed directly;thus, recovery time is fairly long. It can easily take hours to find a par-ticular file on a large tape. Other removable media, such as diskettes, ZIP
34 Contingency Planning and Disaster Recovery
disks, or CDs, allow the direct access of data. Diskettes are limited in theirstorage capacity, and as such, usable only for small projects. ZIP, CD, andDVD drives have much higher capacities, but still, you rely on the userto make backups regularly and correctly. And users can make mistakeshere as well. Nothing is more disappointing than finding out that youremployee’s backup did not store the important files correctly.
In any case, users expect automatic backup of their work and right-fully consider anything short of that a needless annoyance. In addition,you need to be aware that creating backups on removable media couldraise a security concern because employees could take large amounts ofconfidential data with them without leaving a trace. In fact, if data secu-rity is a major concern for you, you should restrict access to all high-ca-pacity media drives and monitor your online data traffic in and out ofyour company.
You will need a backup solution that allows you to make quick back-ups with easy retrieval of files by each individual user. If you look intothe market for backup storage systems, there are about 50 companiessupplying this market. Most specialize in enterprise size solutions, butsome of them also offer downsized solutions from their larger cousinsto small businesses. They are indeed fast and reliable backup solutions,but they come at a steep price that would leave a large dent in your ITbudget.
In any case, you should select an adequate backup system that fitsyour requirements as a small business in several ways. It must:
• Provide the data security that you need, either on-site or off-site.• Be able to handle to handle your typical amount of data within
time frames acceptable to you.• Provide a retrieval time suited for the disaster type case that you
are trying to address.• Provide a cost-effective solution for your targeted recovery time.
For small businesses, in most cases, you do not need fancynetwork storage hardware, or the latest gizmo in online stor-age technology to provide an adequate contingency backup
solution with fast retrieval possibilities. Imagine that you would liketo make a snapshot backup every hour of all user data files. If theamount of user data that has to be transferred each time is less
Preparation 35
than about 10 gigabytes, and this is true for the wide majority of allsmall businesses, a simple PC with a couple of large hard disks and abasic network configuration will do just fine. In fact, you could evensave on buying another operating system, and simply use a free UNIXoperating system, such as Linux or FreeBSD, and use their built-inmethods to share its file systems with other operating systems. Ifyou configure this machine for input/output (I/O) performance, youhave essentially the same network storage solution that is otherwisesold for at least three times the price.
With regard to online storage solutions, you send all your data to asafe data center located off-site. Preferably, your data should be encryptedand secured if you are using the Internet for this purpose. The use ofsuch online storage solutions looks appealing at first glance, and is of-ten an elegant solution, especially if they are directly supported by theoperating system’s drag-and-drop windows (e.g., Windows 2000 or Win-dows XP Professional). Be aware that you will pay a fee per month or peryear for the actual amount of storage used; your bottleneck in transfer-ring the data will be your Internet connection, or the Internet itself. Andthen there are often limits on the amount of data you can transfer in andout of such a facility per month. By the way, similar limits will most likelyalso apply for your Internet connection, especially if you are using a digi-tal subscriber line (DSL) or a cable modem. A small business shouldconsider if online storage solutions really satisfy its needs, and comparethem with the alternatives that we propose in this book.
There are many different software packages in the market that allowyou to create a backup of your data independent of the final storagemedium, if it is another hard disk, a remote location, or a tape drive. Asimple backup utility is already included in Windows 2000 or XP Profes-sional, and you may buy other software packages separately. However, forthe amount of data typically handled by a small business and using it forthe purpose to recover from user error, we feel that special backup soft-ware is not necessary. You want to avoid many of them because they useproprietary backup file formats, and you do not have the large businessfacilities at your disposal where you can ensure that you will still be ableto read your backup file format after five years has passed.
To create backups of user data, we suggest that you first familiarizeyourself with any easy to use file synchronization tool. A variety of such
36 Contingency Planning and Disaster Recovery
tools exist, some commercially available, others integrated in operatingsystems or simply for download as shareware from the Internet. The waythese utilities work is that they simply scan your local files and all yourfiles on the backup system and then determine which files need to beupdated because they have been newly created, modified, or deleted. Itis the same method used by mobile devices running the Palm operatingsystem, Pocket Windows.
After the initial run (which might take some time if your overall datasets are large), these tools are usually very fast. They scan, for example,10,000 files with three gigabytes total size in less than 10 minutes, andreplace 100 altered files on a backup hard disk in less than one minute.The file synchronization can be triggered by the user anytime. In addi-tion, an automatic update every hour or every night should be scheduled.You can keep as many of these automatically created snapshot backupsas you have disk space on your backup system.
If all users store their data on a file server, run a backup in the samemanner between the file server and the backup system. However, we liketo stress that usually no live file server for user data is needed for smallbusinesses until you reach a certain size or data complexity. It is sufficientto keep data locally on each PC, and then to consolidate these data byfile synchronization, on- or off-site, on a file server that must be availableat certain times. Since the data will be stored at two locations, no furtherbackup of that file server is needed for this disaster scenario. You will besurprised at the cost savings that result from this simple solution.
The backup file system should be configured to provide all backupdata with appropriate access rights to the users on the network, so thateverybody can access and rebuild the data at any time. For ease of use,you can even make all backups available through your web browser, butagain, review data access for adequate data security. And by the way, theavailability and continuous usage also ensures implicit testing of yourbackup system, although you will want to methodically check it out oncein a while.
Equipment Failures
Sooner or later, a component of your IT equipment will fail. (Fortunately,equipment failures occur less frequently than human errors.) Sometimesyou encounter an even more frustrating scenario: an unreliable computer
Preparation 37
that periodically malfunctions. This is a fairly common scenario: abouthalf of data losses on desktop computers can be attributed to data cor-ruption on the hard disk, caused in equal measure by physical hard disksurface damage or software glitches. In one-third of the cases, data arelost due to interruptions in the power supply. In about 10% of the cases,data are lost from desktop computers due to overheated parts, becausefans inside the computer were clogged by dust or otherwise malfunc-tioned. This happens more frequently in dusty or carpeted rooms. Theremaining 10% of the cases of data losses from desktop computers canbe attributed to other causes, such as processor and board failures.
For our present purposes, let us assume that such an event is local-ized; this means that only one system is affected at any given time. Laterin this section, we will discuss complete system failures, including the totaldestruction of the system. We include in this category equipment failuresthat were originally caused by human error. Imagine that, in the processof repairing a broken lamp, you accidentally pull the computer plug.Afterward, the computer no longer boots because a major data corrup-tion on the hard disk occurred when you mistakenly pulled the plug.
It is possible to create nearly perfect protection against system fail-ures. This can go as far as building so-called high-availability (HA) con-figurations that in the extreme case call for guaranteed continuous op-eration and availability. This could be realized with two or morecomputers that monitor each other, and in the event of malfunction ofone of them, the error is automatically detected and corrected and thedefective computer is then shut down. These setups are used for criticaltrading systems, and the space shuttle has five computers in an HA con-figuration.
However, short of launching a space shuttle, or running anexpensive financial trading operation, HA setups for typicalcontinuous availability requirements are not cost-effective.
These configurations are expensive to set up and to maintain. It isunlikely that your small business has such requirements. But you mayhave systems that require 24×7 availability such as, for example,revenue-producing websites and other e-commerce applications. Manycompanies would consider it desirable to also have 24×7 availabilityof their e-mail systems. We strongly recommend outsourcing suchsystems to a large data center. They can do the job for you in a much
38 Contingency Planning and Disaster Recovery
more cost-effective manner than a small business ever could. Theyare experienced in professionally managing hundreds, sometimes eventhousands, of servers under nearly continuous operating conditions.
E-mail is so often included as a critical functionality because it hasbecome one of the most valuable resources for small businesses. In par-ticular, businesses that have done traditionally most of their communi-cation via regular mail or mail pouch now prefer to use e-mail for daily,informal communication and the exchange of ideas. Just think about, forexample, law offices. A couple of years ago you would have visited yourlawyer to discuss a contract. Today, you discuss these items efficiently viae-mail. If you are not a company that is doing business in the IT arena,like this example of the law office, and you have to call a third-party ser-vice to fix your computer system, you should consider outsourcing youre-mail operation to professionals who ensure its proper functioningaround the clock.
For any IT systems that you will maintain inside your business, thereare methods to improve the contingency against equipment failure. Tobegin, rank your systems and associated work flows into the categoriesof “critical,” “important,” or “optional” according to the followingscheme:
• Critical: Systems that directly support your core business opera-tion. For a small business, these systems should be outsourced andoperated from a data center, but you might have very specific rea-sons (such as concerns about data security) for wanting to keepthem in-house and you are willing to accept the occasional lackof availability to keep costs down. Examples of systems you mayprefer to maintain in-house are your client relationship manage-ment system, your company shared documents database, and yourinternal web server. Your goals include system availability close to24×7; downtime less than one hour during business hours; anddata restoration capability of complete and immediate access onbackup server during business hours.
• Important: Systems that provide important add-on services to yourbusiness operation, such as your meeting, scheduling, and calen-dar system or payroll and accounting. Your goals include systemavailability during regular business hours; downtime less than one
Preparation 39
to two days; and data restoration capability that is complete, withbackup data availability on the same or next business day.
• Optional: Systems that make your daily activities more efficient,such as scanners with text recognition software or videoconferencing systems. However, no vital information is stored onsuch systems. Your goals include system availability usually opera-tional during business hours; downtime less than three days oruptime as requested; and data restoration capabilities that are notrequired, but possible on special request.
You probably already have a good idea in which category each of yourcomputer systems would fall. You are now ready to make a direct com-parison and assess the trade-offs between system failure and contingencymeasures, which should give you a clear idea on the required budget andmanpower to protect each computer system appropriately.
Note the importance of simple regular maintenance on your equip-ment. This is an effective measure in avoiding failures that are most of-ten caused by truly trivial circumstances and therefore create more hasslethan actual damage. For example, components like monitors, keyboards,and mice often fail because they are directly exposed to human beingswho sometimes spill coffee over them. Fortunately, they are easily ex-changed as long as you have replacements available. You also want toopen each computer from time to time. Fan inlets that are clogged withdust do not allow sufficient cooling of the internal components. This canquickly lead to overheating. Another warning sign of pending equipmentfailure is grinding noises from fans or hard disks.
Data Backups: Part 2
The backup strategy for equipment failure differs from the strategy fordealing with human errors introduced in the last section. With respectto contingency for human errors, the priority was immediate accessibil-ity of data, preferably by the users themselves, and brief retrieval and res-toration times for individual files. For equipment failure contingencies,the goal has shifted to minimize the total time that will be needed torestore the full functionality of the affected system.
Critical and important business systems must be protected by creat-
40 Contingency Planning and Disaster Recovery
ing a system backup. The user data will be retrieved according to thesimpler backup method presented in the last section of this book. Again,we must select the appropriate backup media for this purpose. In thiscase, we no longer seek quick retrieval of data, preferably by the user, buta complete backup of a computer system. Depending on the number andaverage system size of computers, tape can be beneficial because of itslow unit cost per megabyte of stored data. If we compare the costs be-tween the different storage media and assume that the cost of storing onemegabyte on a diskette is normalized to one, storing the same megabyteon a ZIP drive is about 50% less expensive, 90% less expensive on JAZdrives, 99% less expensive on hard disks, and 99.9% less expensive ontapes. However, this picture changes when you take into account the costof the actual hardware for the media drive. Fast and reliable tape drivesare expensive, and unless you measure your data storage requirementsin hundreds of gigabytes, which would be unusual for small businesses,high-capacity hard disks are close to an optimum between cost-effective-ness and quick data retrieval.
We often use a backup system with large disks to store completeimages of the system partition. The advantage of doing so is the instantavailability of this image anywhere in the network should the system everfail. There are a variety of software tools in the market that provide ex-actly this disk-to-image functionality. Disk images are only dependent onthe file system being used, which means that the data format is not pro-prietary to specific software.
Since your backup system itself becomes a critical part of your op-eration, hosting two different backup data sets, you should consider in-stalling a RAID (redundant array of inexpensive disks) system. You sim-ply add a second hard disk and connect both the old and the new driveto a RAID card, which is available at low cost. Configured properly, theoperating system recognizes the two drives as one logical drive and anydata written to that drive are written to both disks at the same time, ef-fectively mirroring all data. Actually, if you use one of the free UNIXoperating systems, like Linux, on your backup system, you can use thesoftware RAID solution that is included for free. It is more than sufficientfor a backup system.
The mirroring functionality gives you protection against hardwarefailures. But remember that a mirroring RAID system does not protectyou from data lost due to human error. If you delete a file, it is deleted
Preparation 41
on both mirrored hard disks. If you are concerned about human erroras well, you should simply partition the logical hard disk into three ar-eas, one for the operating system, and two partitions of equal size, onefor user data, and the other as backup of the user data partition. Peri-odically, or on demand, you can use a file synchronization tool to updatethe backup data partition. Now you are storing each user file four timeson two disks.
It is a low-cost solution that should give you more confidence aboutstoring data on your desktop computer. Of course, the computer couldbe stolen or destroyed in a severe disaster. We will come back to this topiclater in this book when we examine more severe forms of disaster. Forour present purposes, we suggest that you could make the mirroredadditional hard disk a removable drive and take it home with you eachnight to provide a readily available backup in the event of severe disas-ter. It will not be necessary to reinstall a disk should one of the hard diskdrives fail because replacing the defective disk with a new one will auto-matically trigger a copy from the old disk to the new disk until the dataon both disks are again the same. This process is easy, but can take hoursto complete if the disks are large.
If this RAID method appears to be overkill with regard to your con-tingency requirements, another method is to use a single additional diskand copy data from the main disk to that additional backup disk using thesame file synchronization or disk-to-disk backup tools as previously de-scribed. The advantage to this method is that you would initiate thebackup yourself after you are sure that the changes on your main harddisk reflect the changes you wish to make. You can even use these tools tocreate a backup directly on an external backup medium, such as CDs orDVDs. However, with these solutions you lose the on-the-spot safety of aRAID strategy. If the main disk fails, you will have lost all changes from thetime you ran your last backup to the moment that main disk failed.
Don’t forget to periodically back up your system partition. You mightthink that if it fails, it can be easily reloaded from the installation CDs.Think again. Within only one year, you probably install numerous patchesand updates, software specifically for use by only that particular computer,and customized settings with regard to the actual computer usage. Re-creating this environment when the goal is to minimize system downtimeis counterproductive. Reloading the system from scratch could easilybecome a daunting and time-consuming task.
42 Contingency Planning and Disaster Recovery
You need to make the backup of the system data to a separate harddisk, DVD, or other high-capacity storage media. Using CDs for thispurpose no longer makes sense if the system occupies more than threegigabytes of hard disk space. You would need about five CDs for that task.It is not the installation from such CDs that is time-consuming, it is actu-ally creating them. You would need someone to first burn the CDs andthen test them to ensure functionality. This isn’t necessary if you save yourbackups directly on hard disks. The process of putting the same recov-ery data on a backup system within your network can be automated andtakes less then an hour at night with no necessary human interaction.
Always remember, the additional costs of a backup system willpay off handsomely if you have to make use of your backupsystem only once in its lifetime. We want to stress that try-
ing to repair parts or recover data from defective hard disks rarelymakes economic sense. You should just replace the faulty part andrely on your backups for restoration of data. Interestingly, though,manufacturers report that about 70% of the hard disks returned forrepair under warranty are still in perfect working order, but their datastructure is corrupted. So before you return a hard disk for replace-ment under warranty, try to reformat the disk first and run a thor-ough hard disk check.
If you send your disk to a data recovery service, make sure you un-derstand the costs involved. The service typically charges a low fee to takean initial look at your hard disk, but data recovery work on your disk caneasily cost hundreds of dollars, even thousands of dollars, if data foren-sic experts have to reconstruct files that have been deleted. Consider notonly the cost, but the inconvenience of not having your data for a coupleof days. Of course, there is also a potential security concern when yousend your hard disk to others.
One last piece of advice on this subject: if you have to recreate a sys-tem disk from the stored image on the file server, you will need to buy anew disk. Try to purchase the exact same model disk from the samemanufacturer. If you choose a hard disk from another manufacturer, youneed to be aware that hard disks vary slightly from manufacturer tomanufacturer in size, even if the overall given size is the same. Copyingthe disk image back to a disk that is too small, even if only by a couple ofmegabytes, is not guaranteed to succeed.
Preparation 43
Network Reliability
Network failures, especially for local area networks, are relatively rare.But a network is a good first test on how far contingency planning hasprogressed. When someone tells you that their network is completelyprotected and fail-safe, tell them that you will come over to their officeand “pull the plug” on any one network cable. Observe their response!
Before you see network failures, you will typically first face networkperformance issues, like overloads of routers or switches, which clearlyillustrate the need for good network capacity planning, especially if yournetwork exceeds 20 users. If network reliability and performance issuesare both of great concern to you, we recommend a practical approach,simply to “double-up.” Every computer is equipped with two networkadapters, and you have for each work station two network cable connec-tions. You double your hubs, switches, and routers as appropriate. Youmay consider this overkill, and it probably is, but you should look at itthis way: if it is done early while building your network, the additionalcosts will be modest. The standard CAT5(e) cable used for offices canby itself support two network and two phone connections, and you arebuilding in a performance enhancement and a reliability upgrade at thesame time!
With doubled network cabling and routers, you are now also able tohave the routers automatically reroute your traffic through an alterna-tive network path if the preferred route is down due to a failed connec-tion. You also can use the mechanism for load balancing, but at that pointyou would probably need the help of an experienced network consult-ant. In any case, if you just think about this early in the process, such aswhen setting up a new office infrastructure, you can get all of this at littleadditional cost to your overall bill.
Of course, you should always have a carefully chosen inventory ofspare networking components available, so that you will be able to quicklyreplace a faulty part. And if a network does go down, and you still have notoutsourced your systems that need near 24/7 availability, you should in-stall a network monitor that would automatically dial the numbers of thepeople that are assigned to handle the emergency. By the way, most ofthese units also monitor environmental conditions, such as loss of electri-cal power or room temperature as an indication of proper air condition-ing. Some even can detect if smoke or water has entered the room andthey can therefore be of great help in avoiding subsequent damage.
44 Contingency Planning and Disaster Recovery
We recommend that you purchase stand-alone network com-ponents. It is generally not worth short-cutting expenses bynot purchasing additional network equipment and instead
configuring a computer as a router or print server, for example. Youare building network functionality on a complex piece of equipmentthat is much more likely to fail than a comparatively simple stand-alone solution. This is especially true if the computer is also used forother network management tasks or even as a file server. And even ifwe do not consider actual hardware failure, we often hear complaintsabout performance issues, and we find printers that have severeconfiguration flaws, such as those that been connected via parallelports on the file server. Serving this type of port requires a fairamount of processor power, something you definitely want to avoidon file servers.
Equipment Quality
If you are concerned about contingency, you want to have high-qualityequipment. A few unreliable components can cause lots of trouble. Theyfail more often, they require frequent repairs, and they will eventuallyhave to be replaced with a more reliable component.
I (Stefan) am often asked “Which computer should I buy?” Thequestion is easier to answer if you are looking into some special marketsegment, like the large IBM and Sun computing and file servers or theApple computers that are ideal for people who work in the design andmedia world. But when it comes to standard PCs, the answer is not asstraightforward as you might think.
There are many sources where you can purchase new equipment.Standard PCs are available from large brand names, such as Dell, IBM,HP, Compaq, or Gateway, just to name a few, and there is a large marketof lower cost brand name or good generic products. The real advantageof going with one of the big names is that you can rely on their supportorganizations if you ever have any trouble with your computer.
If you are looking for specifications on reliability, you will hardly findone for the computer system itself. The big companies market their prod-ucts by technical specifications, such as processor speed, memory, andhard disk size, and often you need to be a specialist to determine why
Preparation 45
two apparently identical systems are priced differently. Do you know thedifference between the different memory systems, like SDRAM, DRAM,and DDR333, or packaging, like SIMM, DIMM, RIMM, and BGA, or thatmemory with DDR333 chips in DIMM packaging is referred to as PC2700?And what it all means to you for your daily work? Does it mean anythingfor reliability? We suggest that computer manufacturers watch the tele-vision automobile commercials. Cars are advertised not only for theirhorsepower and design, but also for their proven reliability.
You really want an answer to the question “Which computer shouldI buy?” If you go to a store and ask, you will get an answer, or at least theopinion of an individual (“I know this system from [large company] Iworked for and, believe me, they do really make good computers”). Totell you the truth, the differences between the computers are marginal.The parts that are inside the box are pretty much the same in all com-puters. They are produced on a world market from a variety of largemanufacturers. If you are in the market to buy a standard office PC or asimple file server, you should look for systems that have been labeled foruse by small businesses. Many manufacturers offer these base systems atattractive prices. However, you need to know that they make their moneywith all the add-ons to that system, which you then purchase at a rela-tively high price—not unlike purchasing a car from the dealership! If youare looking for something truly specific, like a fanless super-quiet system,and you are somewhat PC technology-literate, you are probably betteroff looking for a “no-name.” Actually, even with good no-names, reliabilityof the parts inside of a computer is of little concern, because if you re-ally look inside, you will find that all manufacturers use more or less thesame basic parts from worldwide suppliers anyway. And by the way, forthe actual parts you will always find reliability measurements, like mean-time-before-failure (MTBF).
Do you really want an answer to “Which computer should I buy?” Ifso, we propose taking a different perspective. Think about the elementsthat you will interact with daily once the computer is on your desk: thescreen, keyboard, and mouse. Here you will find quality differences, andif a part is defective, it is easily changed. So make sure that you alwayshave some spare components available.
As for the keyboard and mouse, there are big differences in qualitybetween a no-name and an actual branded product. From most inexpen-sive to most expensive, prices vary by a factor of 10 and more. If you everexperienced a mouse that constantly got stuck while you were trying to
46 Contingency Planning and Disaster Recovery
finish an important presentation, you will appreciate an optical mouse.It is more reliable, more precise, and works on nearly any surface. Forthe keyboard, you should defer to the individual preferences of employ-ees. A keyboard, and to some degree a mouse, can make a difference insomeone’s overall experience with a computer system. In the end, theseare inexpensive purchases anyway.
As for the monitor, although they cost twice the price of comparabletube monitors, active matrix LCD displays over their lifetime will actu-ally be the more cost-effective choice because they should outlast abouttwo generations of computers and give a sharper picture that does notdeteriorate over time. They use 70% less energy and can therefore pro-vide extra time if you run on batteries. But you should be aware that thereare differences in quality between LCD displays. The same manufacturerwill produce a “consumer” and a “professional” version. The price dif-ference is often marginal, but the professional versions are improved onimportant parameters, such as the contrast ratio, which should be at least1:400 or higher, but in consumer products you will most often find only1:300. If you still opt for a regular tube monitor, choose one with a dotpitch of 0.25 or smaller, a horizontal bandwidth of at least 70 MHz forsharpness, and a vertical refresh frequency at your preferred resolutionof at least 80 Hz to ensure a flicker-free image.
The optimal amount of memory and disk space, as well as the pro-cessor clock speed, depends on your specific usage of the system. Ingeneral, however, most systems benefit from an upgrade of the video card.Poor video signals from original video cards can ruin your effort toobtain a clear image on your screen. Remember, no monitor will makea good picture from a poor input signal, and upgrading your video cardis inexpensive. Since a fast processor can only perform well if it gets therequired data from memory or the hard disk fast enough, plan to spendgenerously on memory (RAM) and a fast hard disk. Note also when com-paring different systems that it is not simple to compare the processorfrequency from one processor to another. Different processors with dif-ferent architectures can have significant performance differences oncertain tasks. For example, the PowerPC chip in Apple’s computer isparticularly good at handling operations on large bitmap files; thusit is well suited for the graphic design work it is often used for, althoughthese chips run at about half the frequency as comparable Pentiumchips.
Preparation 47
For contingency planning, “equipment quality” as such is oflittle concern, because most brand name companies build theirsystems from parts often made by the same original equip-
ment manufacturers (OEM). You need to make sure that the threethings you work with every day—the monitor, keyboard, and mouse—meet high-quality standards. Keep your computer network as consis-tent as possible. The more similar systems you have, the easier it willbe to rebuild your office infrastructure. You always want to try to buyor have at least four PCs that are identical. A greater number ofidentical PCs is even better, but small businesses typically buy aboutfour PCs at a time. Always buy the latest generation processor. Thisshould extend the lifetime of the PC for one additional year, and thatusually compares favorably to the cost savings of buying last year’sprocessor at a discount.
If you consider using laptops with a docking station at the office, keepin mind that laptops are generally more expensive and slower than com-parably priced desktops. They are, however, very well suited for contin-gency planning, because you can simply take them with you.
For printers, an inexpensive printer will quickly become more expen-sive with increasing print volumes. Calculate the cost per page by con-sidering the various ink and laser cartridges and compare the costs withyour expected printing volume and you will find amazing results. Socarefully review your requirements. If your printing output is mostly blackand white copies, we recommend you start with a laser printer becauseit is generally more reliable than an ink jet printer. There is simply noliquid ink that can dry and clog up a print head. The laser printer shouldprint at least 10 pages per minute and its cartridge should print 5,000pages. If you like to print color occasionally or you need a second, inex-pensive printer, then buy a separate ink jet printer.
We have reservations about buying systems that have manyintegrated functions. Over the past year, multifunction ma-chines have become popular among small businesses. They are
less expensive then stand-alone machines because they can share thehousing, power supply, and so on. But it can become frustrating if sucha machine malfunctions and must be sent away for service. You lose
48 Contingency Planning and Disaster Recovery
all its functionality at once. You need to ensure that you have at leastyour basic everyday needs covered with simple, but reliable units, likean inexpensive black-and-white laser printer. Then a multifunctionmachine with color printing can be a fun addition for tight spaces.
Software Installation
Computer systems fail more frequently due to software glitches than tohardware problems. It happens all too often: the computer simply freezesand you need to reboot, potentially losing all the data in the documentsyou were working on. We recommend that you use only operating sys-tems that have been proven stable and reliable in deployment for largeinstallations (e.g., Microsoft Windows 2000 Professional or Windows XPProfessional). The Apple Macintosh and many of the UNIX operatingsystems, either on their native platforms or in their Intel-compatibleversions, are also very robust. They have become an economical solutionfor simple server functions, like file servers, web servers, and so forth.
In large businesses, PCs are deployed with a standard configurationinstalled. In small businesses, we often find PCs as they came out of thebox, with various different software packages installed, most of themdemo or light versions. Although this is done for marketing purposes, itis sometimes counterproductive to the reliability of such systems. In fact,it comes as no surprise to us when months later you suddenly introducean incompatibility between new software that you just installed and apackage whose name you had never heard of, but that was installed onyour PC. Also check the compatibility of the software you are about toinstall with your operating system. We have seen systems that had to bereinstalled after a failed attempt to install incompatible software, suchas installing Windows 95 software on a Windows 2000 machine. It is quitepainful, but we can only recommend to small businesses that they alsoperform a clean installation of the operating system on delivery of thenew hardware, and then install the applications that are truly needed,even if this initially requires more effort. But it will be beneficial in thelong term, especially for reliability. It will effectively prepare you if youare growing and soon will have a network that would call for a “your-stan-dard” PC configuration, with a standard office package and some stan-dardized network and backup data access features.
Preparation 49
We strongly recommend loading a system maintenance pro-gram. Make sure that the software you choose has at leastthe following features that you should be able to schedule for
automatic run one or two nights a week:
• System virus scan and automatic updates over the Internet.• Disk defragmentation.• Thorough system inconsistency check.• File system and hard disk error check.
These preventive functions will help to keep your PC in optimalshape, long before larger issues become significant and possibly in-terrupt the operation of the PC.
Third-Party Failures
You have made significant efforts to protect your business from humanerrors and from equipment failures. But you are not alone in this world,and your business is highly dependent on third parties providing a vari-ety of services to you. There are direct IT services, such as your Internetconnection, e-mail, and web hosting, which are provided via the Internetfrom a data center if you outsource these services, and of course thereare the standard services, such as phone lines, electrical power, water,heating, and air-conditioning.
If you could, you would actually like to buy each service from twoseparate vendors, so that you have two companies providing you withphone service, another two companies providing you with Internet ac-cess, and so on. In theory, if one service fails, you would always have thesame service from your other provider available. But that is only a theory.
When you buy services for your business, each supplier offers a wholelist of service offerings and to make it really attractive, your salespersonwill offer a nicely priced package deal. So a phone company would offeryou Internet access together with their phone service, a cable TV com-pany would offer you Internet access with your cable TV, and so on. Mostthrow in additional services, like e-mail and web hosting. Many peopledo not know that you can get add-on services by themselves, such as cableInternet access without actually having to sign-up for cable TV. In fact,you should carefully review if any type of bundling of services from one
50 Contingency Planning and Disaster Recovery
provider is really worth the savings. Often it is not, and there is more built-in dependency than you would appreciate at first glance. For example,the e-mail accounts that accompany the service subscription are normallyaccessible only when you have been authenticated and are connected viathat particular Internet service. Of course, the vendor will tell you thatthey are doing it to protect themselves from abuse of their mail servicesfor relaying spam mail. But this is only partially true because there aremany other methods, like separate authentication for outgoing e-mail orlimiting the amount of outgoing mail from one e-mail account, whichwould have little effect on you but would deter individuals that would liketo send spam mail to thousands of people. However, what your Internetservice provider (ISP) is trying to do is to tie you, its valued customer, asmuch as possible to its services. This means that if your Internet accessgoes down, so does your e-mail. Only when you try to change your ISPwill you realize how much they have managed to lock you in. Imaginethis happens to you in a disaster situation: your ISP no longer offers ser-vices for whatever reason and suddenly you not only have to work ongetting a new ISP, but you need to change your e-mail address as well.When you are in an emergency situation and responding to a disaster,you don’t want to have your hands tied this way.
Choose your Internet service provider independently of theother services they provide in their package. You first want tomake sure that the Internet service suits your needs. As for
the provider’s other offerings, like phone service, make them second-ary services for your business and obtain a separate primary phoneservice contract from another provider. This is particularly true fore-mail and web-hosting service through your ISP. Use them for non-critical applications, such as a website for internal information thatyou make available with password authentication. Here you can postthe latest marketing information that can be accessed by your salesstaff on the road. Purchase critical services, like your e-mail and yoursales-generating website, through a large independent data center.
When we speak of service that has failed, we do not necessarily meantotal blackout of that service. In fact, most third-party services have clausesabout reliability guarantees in their contracts, so the service itself rarelygoes down. But the quality of the service provided is so poor that it is
Preparation 51
practically useless to you. Then you have to fight with the provider to fixtrivial problems like noisy telephone lines, slow Internet connections,surges in electrical power, or insufficient heating or air conditioning.Before you sign up with any company, you should try to meet the peoplein charge for your technical support when you enroll. They need to giveyou satisfactory answers to how they would resolve issues for you (and howquickly) and specify those guarantees in the contract. You also want toexplore the possibilities of a test connection or visit one of the provider’sexisting clients and have your IT-savvy person check out important pa-rameters, such as the bandwidth and latency for a planned network con-nection. You can then determine if it is within the range you need.
Before you start looking for an alternate provider, it make sense tofirst meet with a representative of each of the organizations that wishesto provide the service to you. They will sensitize you to issues that youhad not appreciated. It is essential that you try to establish a good rela-tionship with your contact at the third-party service provider. Attend anyinformation sessions to which you are invited. They are a good opportu-nity to meet the senior management of that company in a casual setting.Mention to them that you are working on preparing a contingency planfor your business and you would like their recommendation on whichprovider you should use as a backup if their service fails—not that youassume it will, but just in case. It is a good idea to follow it up with a “thankyou” letter expressing your interest in promptly completing your contin-gency planning.
You will achieve two results:
1. You should receive a letter outlining the contingency plans thatyour third-party provider has in place that will guarantee yourservice. The guarantee that you receive is usually somewherebetween 99.5% and 99.9999%, equivalent to a few minutes peryear.
2. Your provider will, reluctantly, recommend one of their competi-tors as a backup provider. They won’t do it in writing, but theywill tell you on the phone.
If you do not achieve those two results with your service provider, thenswitch if you can. It makes no sense to stay with them in the long run. Inany case, you need to obtain contingency, meaning at least a second,maybe even a tertiary, service provider. And having a personal contact
52 Contingency Planning and Disaster Recovery
with direct phone numbers is very important. If you are in disaster-recov-ery mode and need their help, you do not want to log a support requestwith their customer support desk thousands of miles away and hope fora prompt response by their local emergency team.
Again, if e-mail and web hosting are essential to your business, theyshould be hosted in a professionally managed data center. Outsourcingis not expensive. You can find simple web and e-mail services that costless than $10 per month, and you definitely do not want to do your ownconstant network load monitoring, fault detection, and upgrade plansfor scalability as your business grows. There are also some inherent ad-vantages, because you might get some services at a data center that youcannot build yourself. For example, hosted e-mail services most oftenprovide additional anti-spam measures that work by comparing e-mail thatis sent to hundreds of e-mail accounts of different companies at the sametime, indicating that it is some sort of mass mailing, most likely spam, thatis then automatically blocked if you have requested this service.
In the case of a disaster, you want your staff focused on get-ting the business up and running. You do not want to thinkabout moving services to get your website back up because
your ISP has failed. In that sense, good planning and purchasing ofservices can definitely simplify your own disaster contingency plans.Make sure, however, that your service providers are well equipped tohandle their own emergencies and can handle disaster situations atleast as well as you can.
Phone Service
We have gotten used to reliable phone service. It is still one of the mostused methods of communication. Remember that phone lines are notonly used for oral communication. They are used to send faxes, to con-nect to the Internet via modem, or for credit card authorizations. Afterthe World Trade Center disaster, many businesses suffered further lossesof income simply because they could not use their credit card authori-zation machines when the telephone lines were down. One example isthe Strand Bookstore Annex in Lower Manhattan, just a short walk fromthe World Trade Center. For many weeks after the disaster, this store andmany other businesses as far away as Chinatown were unable to accept
Preparation 53
credit card payments because its telephone service had not yet beenrestored. As you well know, customers who must pay in cash typicallyspend less than when they charge their purchases. It would be difficultto calculate the revenues lost to such businesses that had already lostrevenues when they were closed during the period immediately follow-ing the disaster. Consider these other uses of phone lines to come up withan effective contingency solution.
In large cities, you can usually choose between several telephoneservice providers. But you need to make sure that you are not buying fromtwo phone companies that are in fact each just reselling phone servicesfrom other parties. Otherwise, if that party has a problem, your servicegoes down, and your phone companies will simply refer you to the sup-port desk of that third-party provider. It sounds ridiculous, but we foundthat when you evaluate phone service providers, let the providers showyou their own physical phone connections into your building and makesure they are completely separate for the two companies you select.
Phone service failures are rare, but when they occur, you will need abackup solution. If you only have one phone company you can deal with,you protect yourself best if you have phone service through two differ-ent offerings of that company, such as analog phone lines combined witha digital line, such as ISDN or voice T1 circuits with 2, 3, or 24 simulta-neous lines. In this case, analog lines would even work if your area isexperiencing a power outage because the lines are powered by the phonecompany.
However, for small businesses it is rarely cost-effective toimplement redundant phone circuits. If the telephone servicefails, it is most likely due to a service outage, not to the ac-
tual hardware. But even if it is the actual hardware, because nearlyevery business executive has a cellular telephone today, the cell phoneis the natural backup2 solution for your land-based circuits. You shouldchoose cell phones as your backup service of choice unless you are ina rural area with little cell phone coverage.3
The question is how to automatically connect land- and cell phone-based service so the cell phone service would take over if the land linesfail. The problem is that once the land lines have failed, it is not possiblefor you to forward land-line calls to the cellular phones.
54 Contingency Planning and Disaster Recovery
The solution is developed by thinking in reverse. What you want todo is to buy a cell phone (of course, if you only plan to use it for contin-gency purposes, choose a calling plan that has the lowest monthly fixedcosts) specifically for phone contingency purposes. You give out thatnumber as your general contact business number. You program thephone in such a way that any incoming call is forwarded to your land-based business phone number when the cellular phone is switched off.If your land-based line fails, you simply switch on your cellular phone,and voilà.
This scheme can be easily extended to any number of cell phonesand any number of land lines. You would simply configure both the cellphones and land lines in hunt groups, meaning that if the first numberin the group were busy, the call would be redirected automatically andinstantaneously to the second line, and so on. The last cell phone wouldbe redirected to the first land line, which in turn would roll over to thesecond land line if busy. If the land line service failed, you would justswitch on any number of cell phones that you needed. If you like thissetup even for use during nondisaster times, remember to give out thenumber of the cell phone that you are carrying from the group of con-tingency cell phones so that people may call you directly, especially if theyare used to calling your direct extension on the land-based system.
The last cell phone (or the last cell phone in your cell phone huntgroup setup) forwards to a voice mail box. Again, you do not want to useany voice mail box that is provided with your land-based lines or your cellphones. You need one that has a different delivery mechanism than byphone because you also need to be prepared that the cell phones mightstop working. In that case, any call would be forwarded directly into yourvoice mail box where you could listen to the messages, assuming, ofcourse, that the forwarding mechanism still worked. Therefore, it is agood idea to publish your voice and fax service number on your letter-head and your business cards so that people have an alternative voice andfax number to reach you.
We strongly recommend that you sign up with a voice mailprovider that delivers your messages over the Internet via e-mail. In fact, you should sign up with an integrated voice and
fax service. This service often costs less than a regular phone line.Single providers of only voice mail or fax delivery via the Internet areusually not cost-effective.
Preparation 55
Since the Internet has been designed to automatically reroute traf-fic if one or many paths no longer work, as long as you can connect tothe Internet from somewhere, it is likely that you can receive your e-mailsand hence, your voice messages and faxes.
In case both your land-based phone service and your cell phoneservice fail, your calls or faxes are forwarded to your integrated servicenumber. You could even configure your system in such a way that it au-tomatically sends you a short notification message with a summary of yourvoice or fax message to your cell phone or pager. At least you would knowwho called or who sent a fax. It is a service you will also enjoy duringnondisaster times. It reduces unnecessary calls to your cellular phone.
You also might want to use your integrated service number for otherbenefits. If you use it as your public phone and fax number, you willprevent telemarketers and other people from calling you directly. Theywould need to leave you a message, and since the message is deliveredby e-mail, you could screen it upfront. If it originates from a known junkmessage or fax source, you simply route it to your junk mail folder.
Another great thing is that these integrated services give youa local phone number or 800 number in any part of the world,with voice greetings in the local language. So people in Hong
Kong can leave you a message as if you were a local business. And ifyou do not have Internet access, you can listen to your messages byphone. The system’s computerized voice can even read you your e-mails over the phone.
Electrical Power
You probably will not have much choice with respect to utilities. You haveto take the service provider that covers your city or county, although youcan often choose which company supplies the electricity that they deliver.That doesn’t change the fact that there is only one connection to thebuilding. Whatever contingency you need in utilities during a disaster,you will need to provide yourself.
Electrical power is usually available at any time. Still, there are alsoquality issues, like peaks in voltage as well as micro-outages, especially inrural areas where you have large users of electrical energy. Because mostIT equipment is sensitive, it is best to use a surge protector, even better
56 Contingency Planning and Disaster Recovery
to use an uninterruptible power supply unit (UPS), which is usually asurge protector, together with a small buffer battery that would supplyenergy for about 10 minutes, enough to finish important work and to shutdown the system. Most units support an automatic shutdown before thebattery is completely depleted. Think about laptops as computers with abuilt-in UPS!
Some buildings supply self-generated backup power. This power isusually much “dirtier” than power from the outlet. Under these circum-stances, you need to have a UPS unit, preferably one that is designed tosmooth out a rough electricity supply. Most do.
During any power outage, one of the most limiting factors will be thefact that simultaneous failure of the air conditioning can lead to insuffi-cient cooling of equipment, especially if it operates in a small space. It istherefore a good idea to keep track of the inside temperature of keyequipment, to ensure that the environmental conditions are adequate.If the air conditioning for a machine room fails, all nonessential com-puters should be shut down. The essential equipment will be monitoredand, in due course, will be shut down as well.
Internet Access
In general, a small business will most likely consider the following optionsto connect to an ISP:
• Dial-up via an analog or digital phone line.• Connection via DSL or cable.• Connection via a data circuit, usually a T-1 line, either dedicated
or shared with other users.
Before we can talk about how to use these different services to estab-lish good redundancy, we will go a little deeper into some specific tech-nical details that you do not find advertised as such. Each vendor will onlytell you the benefits of his solution and not how it compares with com-peting services.
The dial-up method through a regular phone line is the most basicmeans to connect to the Internet. The immediate advantage is that phonelines are readily available and can immediately transfer data. The draw-back of the analog dial-up is the limited bandwidth. In general, consider
Preparation 57
a 56-kbps (kilobits per second) modem as the bandwidth that you willprobably never reach. Depending on the quality of the phone line, theactual connection speed is much less; in this case, typically around 50kbps.
Phone companies use digital circuits with digital compression meth-ods to optimize their usage of available bandwidth. With ISDN (Inte-grated Services Digital Network), a direct connection to the digital phoneline is established. Two data channels of 64 kbps provide a total usablebandwidth of 128 kbps. Like an analog modem connection, ISDN is stilla dial-up to a service provider, and thus it usually comes with per-minuteusage charges if you exceed your monthly allotment. ISDN has beenquickly superceded by higher bandwidth solutions, but this might be acost-effective solution in rural areas where other data line services areexpensive.
Most residential high-speed Internet connections are basedon either cable modems or DSL. The data signals are overlaidthrough your cable TV or phone line without interfering with the
primary signals. The main difference between the two is that TV cablesare highly interconnected within the same building; thus, you shareyour high-speed connection with everyone else who is connected. Incontrast, DSL lines are dedicated connections. However, this does notguarantee that your data are not eventually routed into a shareddata network at your ISP. In fact, this is most often the case, andyour ISP might hand the data to another ISP, which hands it on toanother ISP, and so forth. Of course, that also can happen with a cablemodem ISP, but we have seen it more often with DSL service.
The bottom line is that both DSL and cable modems provide fastInternet connections. But they do not guarantee data throughput. Per-formance will vary greatly depending on the load of the network segmentto which your service is connected. You will often see service disruptions,especially during peak usage hours. ISPs often limit the maximumamount of data you are allowed to put through your DSL or cable mo-dem Internet connection, simply to discourage users who are misusingthe connection to host Internet services. While both services are gener-ally reliable, there are occasional short outages and not the same uptimeguarantee you get with true data connections. If the service goes down,
58 Contingency Planning and Disaster Recovery
Murphy’s Law states that it is just at the moment when you are sendingyour most important e-mail ever.
Dedicated data connections, such as T-1 circuits, are best ifyou rely heavily on your Internet connection. They have beenaround for a long time, and they provide solid data connec-
tions. You can obtain data service with a variety of up-time guaran-tees, but it is usually significantly better than DSL or cable. Of course,this comes at a price about five times higher than for DSL or cableconnections at a comparable bandwidth. In rural areas, unfortunately,you also have to pay a charge per mile to the next data connectionpoint of the telephone company. Sometimes you are asked to sharea T-1 connection with several of your neighboring businesses, whichcould be a cost-effective option.
Even if you obtain a dedicated data connection with a high availabilityguarantee, if you really depend on the Internet for your business, as manysmall businesses do, you still need at least one more alternate connec-tion. Data lines, as telephone lines, are susceptible to equipment failuredue to ordinary events such as disruption by construction work. It hashappened that data lines have been mistakenly cut by construction workon the street, leaving you vulnerable if no other third-party provider hasits own independent cabling in place.
You need at least two methods for connection to create additionalredundancy. In principle, you could use any two methods, but for prac-tical purposes, you would always choose two comparable bandwidth so-lutions. As a third backup, it is always a good idea to have one or moreanalog phone lines reserved. But a word of caution: you do not want toconnect your PC directly to an analog phone line and dial-up your ISP.You would create the risk of a security breach. Instead, you should use aseparate dial-up modem, router, and firewall integrated unit that willprotect your network and automatically share the access to all comput-ers in the network.
DSL and cable modems are a good pairing for redundancy. In mostcases, these services are delivered through two different access points inthe building. The drawback is that cable modems are usually not avail-able in commercial areas. For a small business it could be sufficient tohave the DSL connection at work and the cable access at home, if it is
Preparation 59
feasible for you to drive to your home when the DSL connection goesdown.
We recommend most often a (shared) T-1 connection as the primaryInternet service with a DSL as backup. You need to ensure that bothservices come through two different sources, meaning physical accesspoints in the building and different network paths to the Internet back-bone. In urban areas it is often the case that DSL service is routed some-where at the phone company through the same connection points asT-1 lines. If there is a major disaster, both services are lost. If in doubt,add some analog lines from a different phone company or through yourcellular phone, just to be safe.
In any case, to ensure adequate Internet service at any time, suggestthat your Internet providers configure your line to ensure minimumthroughput to certain sites, especially during peak usage of the system.All other less important traffic is routed through your backup connec-tion. Or you can reserve the bandwidth on your main connection forcertain types of traffic, and restrict other traffic, e.g., music files, to amaximum of 10% of the available bandwidth. This would also be a pre-caution against an ISP “denial of service attack” provoked consciously orunconsciously by an employee. You might also consider using a systemthat would page your IT person if the Internet connection becomes slowor even gets lost.
Environmental Hazards
Imagine you arrive at your office in the morning and the building isclosed. Or you are already in your office, an alarm sounds, and you areasked to leave your office immediately. This occurs when a hazardoussubstance has been detected or if the building is to be closed for policeaction. In any case, you are standing outside of the building and you donot know when you will be able to reenter your office. And the worst partwas that you had no warning that this was coming.
If you think that this scenario is highly unlikely, think again. Thereare many possible scenarios and many of them have already happenedto thousands of small businesses. Whenever air pollutants reach an in-tolerably high level and government-set limits are exceeded, you may nolonger be able to reach your office. Possible causes include nearby acci-dents, fires with dangerous chemicals and toxic smoke, asbestos fibers
60 Contingency Planning and Disaster Recovery
in the air, and foul odors. We also have seen the worst scenario with re-gard to hazardous material: Chernobyl. The widespread radioactivepollutants will remain in the soil, water, and air of that region for centu-ries.
For a certain period of time you will need to maintain critical busi-ness functions remotely. The environmental hazard may have affectedthe health of your employees, so you may need to operate with fewer staff.
You can prepare for such an event by having all important documentsonline for remote access and having your staff appropriately trained andprepared to use a telecommuting infrastructure (which can be conve-nient even when no disaster has occurred). Of course, there are costsassociated with the development of a telecommuting infrastructure, andyou need to assess whether the potential benefits justify those costs. Youmay conclude that the hazardous conditions will likely not last for morethan several days, a length of business interruption that many small busi-nesses can tolerate.
Remote Operation: Stage One
In remote operation at stage one, you and your employees cannot physi-cally access your worksite or business office, but the office is still intactand some core systems continue to function properly. You need to pre-pare in advance so that you can remotely access all important companydata and e-mail. The provision for this disaster scenario will have thebenefit that it will also allow your employees to telecommute even innondisaster situations or allow your salespeople to access your company’sdata when they are traveling. It will permit the sharing of your data withother company offices.
It is a good idea to scan and archive most important documents elec-tronically. You can access them remotely if you are forced to do so un-der hazardous environmental conditions, and they will be secure. If yourbuilding site is compromised in a disaster, you have little control over whowill enter your offices and have access to your files. Do you rememberseeing television newswoman Diane Sawyer on the air, as she picked uphandfuls of documents from businesses in the World Trade Center—documents that had scattered when the towers collapsed? As bizarre asthat sounds, here is another example: have you ever attended a ticker-tape parade? I (Stefan) attended a ticker-tape parade when (unshredded)
Preparation 61
confidential documents detailing the compensation of senior officers ofa particular company landed at my feet. If you need to store originaldocuments, you should store them in a safe that cannot be opened oreasily removed. Remember that your business has a legal requirementto maintain certain documents, such as tax records, for a specified pe-riod of time. Your legal counsel can advise you as to which documentsyou must safeguard and over what period of time they must be preserved.
You also want to offer evacuation training to your staff so that theyknow how to shut down all nonessential office computers, how they canwarn all employees using a paging feature on the phone system, and howthey may shut down electricity or gas services.
If the hazardous conditions are expected to continue, you may beescorted into your business premises by civil authorities for a brief pe-riod to retrieve key items. Therefore, it is a good idea to label all equip-ment according to your earlier ranking as “critical,” “important,” or “op-tional” with large color-coded stickers and larger numbers, so you can,if necessary, ask someone to retrieve item RED#4 for you.
With regard to your phone system, if you used the setup recom-mended in the last section, turn on your company’s cellular phone tocontinue receiving company phone calls.
You need to agree with your staff on a meeting place where you canconvene after your building has been evacuated. If you are a really smallcompany, you can simply meet at someone’s home, but if your companyhas more than 20 employees, you will want to have a separate office sitewhere you can meet. It is unlikely that you will need dedicated recoverysites such as those that large companies have built. It is sufficient if youhave a good relationship with a partner company that can give you sometemporary place to work, such as their meeting rooms. If you plan inadvance, you should make sure that this company is using different third-party providers than your own company so that you are less likely to benegatively affected by the providers having difficulty keeping their op-erations up and running for other customers not affected by the disas-ter. And you should have a good stock of spare parts and PCs that arestored off-site and that you can use temporarily.
If you are looking into a secondary site, such as rented office spacethat you would normally use for client meetings or training seminars butplan to use as a disaster recovery site, review carefully whether that sitecould function under disastrous conditions. Does it have sufficient elec-trical power and air conditioning? Is there enough space to store spare
62 Contingency Planning and Disaster Recovery
equipment? Your disaster recovery facility requires full third-party ser-vices. And of course, your disaster recovery facility’s phone, Internet, andutility providers should be as different from your main office as possible.You also need to make sure that you have software licenses for all of yourIT systems and determine if any additional computer systems and soft-ware licenses have to be acquired.
To reach the main office you need to establish a secure connection,because you will transfer sensitive information, such as human resourcerecords, budgets, and competitive and strategic documents. If you areworking at your secondary site, you might consider a dedicated data lineback to your main office, if this is cost-effective. Usually, however, you willconnect to your office network by direct dial-up or over the Internet usinga secured virtual private network (VPN) connection with strong 128-bitencryption. A VPN connection creates a “tunnel” on the Internet throughwhich your data are passed safely; thus, it acts exactly as a private network,and the same security, management, and bandwidth policies can be ap-plied. VPN is a cost-effective network solution that is sufficient in mostcases. However, you will want to look into a private leased-line connec-tion between offices if you require a minimum bandwidth guarantee, orif the office locations constantly require exchanging large amounts ofdata.
There are two solutions for building a VPN network. SoftwareVPN solutions are available and are already part of the Win-dows 2000 or XP Professional operating systems. A VPN con-
nection can be configured from any client running those operatingsystems, to a Windows 2000 or XP server machine, independently ifthey are on the same network or remotely from halfway around theworld. The second and preferred solution is built-in VPN functionalityin routers. This is especially useful if you like to provide a permanentVPN connection, for example, to connect your main office with yourtraining center offices. If a remote user on the road likes to dial in,he requires additional VPN client software.
System Security
For a small business you want to have at least a classification for docu-ment accessibility that translates directly into security measurements onyour system. There are at least three categories to consider:
Preparation 63
• Public data, for example, brochures, annual reports, and yourwebsite. These data are available to all users without special restric-tions.
• Restricted access documents, for example, communication withclients or data in your bug-tracking system. This information isgenerally available internally, but has not been reviewed. It mightcontain information embarrassing if released to the general pub-lic.
• Confidential documents, for example, expense reports, strategydocuments, and so forth. These data must be protected becausethey reveal specific business practices or future plans that shouldremain confidential.
These three examples represent a basic classification scheme. It isimportant that security measures are followed to safeguard your businessinformation assets.
In addition to organizing a classification scheme for safeguardingdocuments, you need to specifically address system security in your busi-ness. With a majority of your proprietary information now stored elec-tronically, you are vulnerable to intentional or unintentional misuse byyour own employees. Therefore, to integrate these technologies securelyand successfully, you must deal with them on an organizational level. Theloss or corruption of mission-critical information may have serious finan-cial and legal consequences for your business.
Consider the value of your company’s knowledge and informationdatabases. You will need to safeguard this information by an effective andproven security mechanism. These high-security measures are necessarybecause of the ease with which digital information can be assessed,modified, or deleted, without leaving behind traces of intervention. Forthis reason, you need to include file access and intrusion detectionmonitoring with your security efforts. Strong password authentication isalso required combined with data encryption whenever data leave thecompany’s network.
Each user account should be protected by a password. Users mustchoose passwords with a minimum length of eight characters,nondictionary words or names, and a mixed use of upper and lower caseand special characters and numbers, like “BGsRGr8t!”. Ideally, passwordsshould be changed every 90 days or so. But from experience in smallcompanies, people don’t like to change passwords too often. Sometimesthey even share their passwords with colleagues; this practice should be
64 Contingency Planning and Disaster Recovery
discouraged. It almost always indicates that the file structure setup is notcongruent with the requirements. Did you know that many people useas passwords first or last names of themselves, their children, friends,dogs, or names of cities or landmarks? You would be amazed how quicklyhacker programs available on the Internet can decipher such passwordsby simply guessing combinations of these items. It hardly takes longerthen a couple of minutes to obtain the passwords of at least one-third ofaverage users.
The bottom line is that small businesses do not need complex secu-rity measures, but they need some measures. Of course, the security mea-sures should be periodically reviewed so that the implemented guidelinesmeet the requirements and to ensure that they are generally acceptedand used. All security safeguards should be periodically assessed andadjusted to meet the latest developments.
Fires and Other Disasters
We now consider disaster types that are destructive to the worksite, be itan office, a manufacturing plant, a retail establishment, or any other typeof construction (we will use the generic word office to refer to allworksites). Among all of the scenarios, fire is by far the most commonhazard that also creates a secondary hazardous condition due to toxicsmoke. Natural disasters, like severe weather, earthquakes, and floods,also may damage or destroy your office or at least render the office un-usable for some time. In the case of severe weather, however, you oftenhave advance warning of the disaster and can begin an evacuation ofpeople from the premises.
Whatever the cause, you need a disaster recovery site, even if it is onlya meeting room at another company’s premises. It will take you sometime to assess your losses, but you should strive in good faith to providebasic services to your employees and customers and honor your contrac-tual obligations, even though conditions will be challenging. Try to miti-gate your losses by maintaining whatever level of operations you cansustain until your business has fully recovered. The effort will be appre-ciated by your employees and customers.
In addition to assessing which services and products your companyis obligated to provide, you should also inquire as to which services and
Preparation 65
products you will need from third parties to operate your business in theaftermath of a fire. Determine which other third parties will provide youwith temporary services at the disaster recovery site in the event that thepermanent provider is also affected by the fire or natural disaster. Iden-tify a priority ranking of which systems must be operational and whichdata you will need to operate your business even at a minimum level offunctioning.
Fire Protection
Plan and discuss with your local fire department the precautionsyou should take to protect valuable documents or IT equipment fromfire. Special fire safes for documents are affordable, and larger safeswould also protect against theft and survive substantial mechanical abuseand water damage. You should have an up-to-date, detailed, off-site in-ventory list of all IT equipment. Labeling your valuable assets with easy-to-read, fire- and water-resistant stickers facilitates subsequent identifica-tion and should be used in nondisaster times as an asset controlmechanism.
You will find that many traditional businesses, such as law firms, havebegun to conduct more and more business electronically. But you willnot need all documents online at your alternate site. You need to iden-tify which ones you will need before the disaster strikes. It will be suffi-cient if you have the documents that you will need for an emergencyoperation. It is, however, a good idea to plan to store paper copies of allimportant original documents at a secondary location and determinewhich documents to make available online.
It is important that you have regular fire drills with the help of yourfire department. This should include instructions on how to initiate anemergency shutdown of all systems. It would warn every user that theemergency shutdown is in progress, and that all systems will be automati-cally shut down in about five minutes. The emergency shutdown can bestopped by anyone, unless it is forced by system administrators. To expe-dite this process, you can install a “panic” button that would be pushedat the same time as the fire alarm in the event of a fire or an immediatethreat, and would shut down all IT equipment within the next few min-utes.
66 Contingency Planning and Disaster Recovery
Data Backups: Part III
This scenario assumes that the main worksite will be destroyed. Businesswill continue at an alternate secure location. An emergency replacementIT infrastructure must be ready at that location.
To prepare for this case, if you are using a backup system at youroriginal office location, use a VPN connection to copy all data from yourmain office location to your alternate office location. Again, a file syn-chronization tool is easy to use and efficient because it will transfer onlythe changes that have been made to files during that particular workday.Because the data will be available at the disaster recovery location, a smalland simple network can be configured to start disaster recovery opera-tions. You would have the same benefit if you used an online data backupservice. In both cases, you will need a fast Internet connection at yourdisaster recovery site. If you have used traditional methods to back upyour data, such as tapes, CDs, or DVDs, you have to retrieve them firstfrom your storage location and then rebuild a file system at the alternatesite. Obviously, this is a much more time-consuming task, especially if yourdata sets are so large that they do not fit the selected medium, and in-cremental or partial backups have been made and the originals must berestored.
For most small businesses, some form of online storage, like your webserver or special online backup space, will suffice. If you have manygigabytes of data that you need during disaster operations, use a fileserver with large disks at the disaster recovery location. These solutionsare more cost-effective and less time-consuming. But there are reasonswhy you would also want to have backups on removable media, as we shallsee in the chapter dealing with sabotage.
If you used a removable backup medium, store it in a safe place thattracks ingoing and outgoing items. Many armored car services offer thisservice, and they also may pick up and store your backup tapes. Employ-ees should create backups of their own data on the backup system.
The issue is how much downtime your business can afford until youare up and running at your alternate location. If your marketing and salestools fail, you can probably estimate the direct costs of lost sales oppor-tunities. If your client support tools fail, you have additional intangiblecosts like blemishes on your public and client relations. And for othersystems you will most likely find that variable factors, such as your down-time costs, change over time. For example, if you own a tax accounting
Preparation 67
business, you are faced with downtime requirements that change withtime. If your system goes down just before the tax reporting deadline,the impact on your business is definitely more severe than a failure laterin the calendar year. You can make a rough estimate of the cost of yourdowntime that should correlate with your disaster recovery budget.
Remote Operation: Stage Two
In stage two, we assume that the computers at your office location nolonger function, the communication lines have been cut, and you willnot have access to your office premises for some time. The data backupis available at the remote location either from online storage, your ownlarge disk file system, or from removable media. A small office can bebuilt where an emergency operations team handles the most importantbusiness functions. You already contracted data lines into that alternatesite, and you use cell phones temporarily until you can return to yourold site or you have to find a new office altogether.
The question at this point is how to prepare for other services, suchas mail delivery. Here, the first step is to establish a secondary locationin advance; a virtual office that would handle all your mail even duringnondisaster times. If you consider the recent scares about anthrax inletters sent through regular post office mail, you may consideroutsourcing mail handling to a third party. As a small business, you can-not afford to buy expensive x-ray machines or to spend the time to in-vestigate each piece of mail. There are various providers of such services.Not only will they accept your mail, but you also can direct them to openyour mail, scan it, and send it to you immediately by e-mail. Of course,you also can use them to establish another office presence somewhereelse in the world. But the main advantage is that they will receive all mailfor you, open it, presort, and forward it to you quickly and efficiently. Andif you live in an urban area, it is often possible to receive the most criti-cal mail via messenger on the same business day. Some service bureausalso offer additional add-on services, such as an assumption of payroll andaccounting functions. Choose these services based on your budget andyour assessment of your likely circumstances should you temporarily loseaccess to your permanent worksite.
You may consider a bill payment service that will receive your billsfor you, scan them, set up money transfers via wire or by check, and let
68 Contingency Planning and Disaster Recovery
you decide when and how much you want to pay simply by a preestab-lished “auto-pay” function or by selecting the bill online. These servicesare provided by various companies, and are much more advanced thanthe bill payment services most financial institutions provide with theironline systems. We also recommend that you keep a directory of yourservice providers with your business account numbers, so that in the eventof a disaster, you have that information conveniently available to notifyyour creditors of your circumstances.
Terrorism and Sabotage
Terrorism strikes without warning and is of particular concern as its goalis to inflict maximum damage, including the loss of human life. Delib-erately orchestrated violence, such as terrorism, has a profound psycho-logical impact on those who experience it, quite unlike the psychologi-cal response to natural disasters. Your first concern is the safety of youremployees. There will never be complete protection from terrorist attacksand acts of sabotage. The terrorists will use any mean for their cause,including suicide missions, bombs, and contamination with biological,chemical, or even radioactive agents, if they manage to acquire thematerial to build such weapons. Terrorists are also becoming increasinglyskilled in the use of highly sophisticated IT equipment, trying to “hack”their way into government agencies and into commercial computer sys-tems to steal secret data or to cause considerable damage by altering ordeleting data. Because the potential damage is so severe, you need to takeprotective measures. Similar precautions as for destruction of your officeby fire or hazardous substances apply.
Hacker Attacks
As soon as your single home office computer or your small businesscomputer network is continuously connected to an outside network, suchas the Internet, some method of protecting your data on the computeror the internal network is required. Any computer system that is directlyconnected to the Internet will sooner or later be the target of hackers,trying either to penetrate your network, or making it unusable by, for
Preparation 69
example, flooding your system with data requests. Also, you have to beaware that the traffic from your network can be watched from the out-side as it is often not encrypted. This is even easier when you are con-nected via a cable modem because everyone on your cable segment canmonitor your data traffic.
You need to protect yourself by using firewall software on the stand-alone PC, or even better, build an internal network and use a networkrouter that separates your internal network from the Internet. There aremany router products on the market, and the ones marketed for homeoffice or small businesses often include a firewall where you specify whichdata traffic you allow through your firewall and which outside parties areallowed access to your network. Usually, you will want to allow all trafficthat was initiated from inside your network to pass the firewall from theoutside. Traffic initiated from the outside should only pass the firewallif it is in response to a former request from the inside, or if you havespecific machines and applications that you would allow access into yournetwork. But for the general public you would either refuse the datapackages or route this traffic to a separate network called the demilita-rized zone (DMZ). Here you would place, for example, a testing webserver, or a place where you make the latest information available forsalespeople connected to the Internet.
Although this might appear complex, the configuration of theserouters for home offices and small businesses has become fairly simple.Most routers now provide web-based interfaces with good online help.But that alone is not a guarantee that it will be simple. Some productscome with web interfaces that are poorly designed, or require firmwareupgrades before they can work with your ISP.
The advantage of a network router is that the connection to theInternet is simplified because all ISP-related network information is con-figured only once in the router, and communicated to all internal ma-chines automatically if the standard protocol is supported.
However, if your ISP is charging you based on the number of com-puters you have connected to the network, and you use a router, you haveonly one connection point to the ISP’s network. The ISP can detect arouter from its hardware Ethernet address. Most off-the-shelf routers havea built-in function that allows spoofing the address of the router by sub-stituting an address from an internal computer, so the router will appearas a computer from your internal network. Check with your ISP first.
70 Contingency Planning and Disaster Recovery
We do not recommend using a computer to act as a firewallor a router or both. Stand-alone network components aremuch easier to set up, are inexpensive, and provide a much
higher guarantee that you have not created any kind of loophole inyour setup that would compromise network security.
A firewall is only one step in a larger network security scheme thatmust include a security policy, automatic intrusion detection, and moni-toring for viruses that can sneak in with regular traffic. There are alsovarious solutions that you can run on a PC that will allow the PC to beaccessed from the outside, even if a firewall is in place. These softwarepackages mimic the same traffic as web browsing would, but instead ofwebsite information, they send data about your PC and the files on it.With some software packages you can remotely take control of your PC,although your firewall does not allow any traffic initiated from the out-side. This is possible because in this case the traffic is initiated from asmall application running on your PC, and therefore for the firewall thetraffic appears to be legitimate because it was initiated internally. You canuse it to your advantage, but you also need to be aware that certain secu-rity risks accompany it.
Make certain that virus protection is current to avoid compromisingyour security by viruses and Trojan horses entering your system. You alsoneed to regularly update your operating system. Updates are providednearly every week. It is important that you train your users how to handlesuspicious e-mail attachments and how to detect virus-like activities.Your ISP or e-mail provider can often provide additional securitymeasures.
Be aware that even cell phones can become the target of virus activi-ties, particularly if they are in the league of the new Internet-savvy phonesthat allow you to browse the Internet. We expect that such devices willbe standard in a couple of years, and then they will behave like any othercomputer on the Internet.
Your overall attention to security issues and the technical expertisethat you obtain will determine the effectiveness of your security precau-tions. Do you always remember to remove accounts for employeeswho have left the company? Special care should be taken if a systemadministrator leaves because he usually knows back doors into yoursystems.
Preparation 71
Internal Sabotage
A good system administrator builds his or her reputation on the trust thathe has earned throughout his career. But even with the best system ad-ministrator in the service of your small business, you are obligated toprotect your company against attacks by internal sabotage. These mea-sures are not too difficult to implement and should be welcomed by yoursystems administrator as being in the best interest of the company. Thereare some basic auditing methods that you can apply and review periodi-cally, such as identifying who accessed which files, who generated whichexternal network traffic and who sent a large number of e-mails or largeattachments to which addressee. You should, of course, inform your staffthat you are monitoring activities on the company’s network, and theresults of these activities are not matched with personal informationunless there is a compelling reason to do so. Staff should also refrain fromstoring personal information on company computers. These guidelinesshould be formalized in company policy.
Although it is practical to make backups from one disk to anotherdisk, it is also important to occasionally make a backup on a removablemedium and to store this backup in a bank safe that is not accessible bythe system administrator. The system administrator probably would alsowant a bank safe to store his backups, but he should have a separate one,preferably at a different bank.
Having outsourced your e-mail to a third-party provider, you alreadytook an important step to be independent of internal systems staff foryour e-mail service, thereby reducing both the work burden on the staffand the opportunities for internal sabotage.
Insist that the passwords for all equipment, particularly fornetwork equipment, are given to you in a closed envelope. Youwant to keep it closed, unless there is a major emergency or
your system administrator leaves the company. Then it is best to haveanother system administrator come in to change the entire list ofpasswords. In fact, we suggest that you do not use any built-in “ad-ministrator” accounts, but instead, give two user accounts admin-istrative rights on the system. This way each week those two peoplecan independently monitor and audit suspicious activities on yournetwork, and system administrator tasks can be traced to their useridentifications.
72 Contingency Planning and Disaster Recovery
Even so, your business could be the target of a saboteur who “infects”your network with a virus. Usually with good protection in place, thisshould not be an issue, but we often see that in small businesses passwordsare not safeguarded, users’ permissions are not set, everyone can havesystem administrative access, and files are open for everyone to read andfor everyone to delete. You have to be aware of this and take the neces-sary precautions. Review your protection scheme regularly.
FINANCIAL LIQUIDITY
Thus far, we have presented information to enable you to prepare for adisaster and to develop a contingency plan with respect to the informa-tion technology infrastructure of your small business. We have placed aspecial emphasis on developing redundant capacity; that is, having ad-ditional sources of computing power and backups of all data and recordsfor your small business readily available in the event of a disaster. We nowapply the same concept to the financial elements of your contingencyplan, in effect, developing redundant financial capacity, by means ofvarious tools, such as insurance. If a disaster should strike your business,you may need additional funds to replace lost or damaged assets and tocover additional operating expenses during the recovery period follow-ing the disaster. Let’s begin by examining the role insurance plays incontingency planning.
Role of Insurance
When you made the decision to start (or to join) a small business, youassumed certain risks. You almost certainly did so because you believedthat the rewards you would receive were commensurate with, or dispro-portionately generous to, the risks you would assume. These rewards mayinclude the freedom to chart your own course, the ability to own yourown life and to balance work and family, the joy of realizing a creativevision, and the financial rewards that come with entrepreneurship. Youalmost certainly took steps to mitigate your risks. Entrepreneurs are, bynature, resilient and resourceful. We are optimists, and believe we cancreate a better future for ourselves. We are also reluctant to jeopardizeour small business vision, our future, by taking needless or reckless risks.
Preparation 73
All successful entrepreneurs take prudent risks, most likely beginningwith the formation of your company!
When you started your business, your legal counsel almost certainlyadvised you about the need to incorporate in order to minimize yourpersonal liability, among other reasons. Your insurance program is thenext step in the process of mitigating risks to enable your small businessto succeed. A carefully crafted insurance program protects your businessassets against the risk of unanticipated losses, italicized for emphasis. Wewould advise you not to insure against anticipated losses, as it usually isnot cost-effective to do so. Consider the example of extended warrantyprograms for office equipment, which are analogous to insurance onsingle pieces of equipment. We decline to purchase such coverage, be-cause we expect that office equipment depreciates and must be replacedfrom time to time. As such, we can budget for it. I (Donna) chose not topay $150 for an extended three-year warranty for the $600 multifunctionlaser printer/digital copier that sits in my office. The printer has func-tioned adequately for the four years that I have owned it. It shows thesigns of normal wear and tear and I will likely replace the printer withinthe year. Newer models with features comparable to my existing printercan be purchased for $450. Clearly, the extended warranty plan (whichcovered anticipated costs to repair the equipment due to normal wearand tear) would not have been a sensible investment.
I did, however, have my printers covered under a business owner’spolicy. When an unexpected disaster occurred, the insurance benefitmitigated my loss. Our business insurance policy provided for each of theprinters and fax machines which were damaged by ash and soot from thecollapse of the World Trade Center towers to be removed from the of-fice and professionally cleaned and serviced. In some cases, drums andcartridges were replaced. The insurance policy paid for the repair ofthose machines that were damaged as a consequence of an unanticipatedevent—certainly no one expected a disaster of the nature that occurredon September 11. Those losses were not inconsequential; the cost torepair a single printer or fax machine was $250. The insurance premiumI paid for this benefit was a sensible investment for my business.
This is the first take-home lesson of crafting your insurance program:it is generally not cost-effective to insure against anticipated losses. Con-sider which losses you can predict and for which you can budget. Thoselosses can be self-insured, or paid for out of your cash and short-term cashequivalents account. The extension of this lesson is the insurance deduct-
74 Contingency Planning and Disaster Recovery
ible. The deductible is the amount of losses that your business must bearbefore your insurance policy pays a benefit. Generally, the higher thedeductible (or the greater the amount of losses that you will bear beforeyour insurance policy is obligated to pay a claim), the lower the premium.Discuss with your insurance agent the options available to you so that youmay select the deductible that is appropriate for your business.
You likely see how this lesson applies to your personal insur-ance program. It bears repeating: generally it is not cost-effective to insure against anticipated losses. We see many
small business owners who pay premiums to cover losses that theycould afford to bear themselves, but they fail to insure against risksthat would be catastrophic if they occurred. The same is true of in-dividual policyholders who often don’t transfer risks to the insurancemarkets in a cost-effective manner. For example, consumer advocatesreport that many credit life insurance programs (insurance that paysthe installment debts of the insured at his death) are not cost-effective. They argue that consumers would be better served by pur-chasing other forms of life insurance for which the cash benefit wouldbe available for a broader range of uses. Those very same consumersmay be uninsured for other types of risks that could be covered by abroader life insurance policy. Spend your insurance premium dollarswisely: purchase coverage for unanticipated losses, not expected andpredictable ones.
Now that we have persuaded you (we hope!) that your insuranceprogram should be crafted to cover unanticipated losses, let us considersome of the risks you should insure. Many insurance companies bundleproperty and liability coverage into a product known as a “businessowner’s policy,” or sometimes it is referred to as a “package policy.” Itallows the business owner to obtain broad coverage with affordable pre-miums. Since each business is unique (and each business owner’s levelof risk tolerance is unique), insurance coverage can be customized to suitthe particular needs of the business. A retail sales operation has differ-ent insurance needs than a restaurant or a dentist’s office. Because wecannot reasonably anticipate the individual circumstances of each of ourreaders, we endeavor in this chapter to give you the tools you need toenter into an informed discussion with your insurance broker.
Preparation 75
Your insurance broker may begin a meeting with you by discussingmonoline policies, or policies that cover against the risk of a single peril,such as fire or auto theft. Business owners’ policies and package (ormultiline) policies are the sum of two or more monoline covers, exceptthat the premiums for the whole package policy are generally less thanthe sum of the parts of constituent monoline policies under a property-casualty insurance program.
It will be helpful to prepare an inventory of business assets tobe insured prior to meeting with a broker to discuss the pro-gram for your business. Many software packages for small
businesses provide for an inventory of property, plant, and equipment.You can record the date of purchase, the model number of the equip-ment, the manufacturer’s name, and the purchase price. Many ofthese programs interface with your accounting ledgers to update yourdepreciation expense as appropriate. You may also take digital pho-tographs of key equipment, such as office furniture and other itemsto keep with your records, item by item. Obviously such records arehelpful in documenting losses should a disaster damage the assetsof your business.
But these records are also helpful in assessing the amount of prop-erty you need to insure. You may be surprised when you calculate thereplacement cost of all of your business assets and will be relieved to havethat figure available when selecting the appropriate insurance coveragefor your business. We suspect that many small businesses areunderinsured for property losses because the business owners underes-timate the value of their assets. When you include everything that wouldhave to be replaced in the event of a fire or similar catastrophe, it addsup. It bears repeating: make multiple copies of these records and storeone or more off-site. Your receipts and photographs of business propertyare of little use if they are destroyed in a disaster.
Property-Casualty Insurance
Property insurance protects the assets of your business against lossesarising from perils such as fire and theft. Basic form commercial prop-
76 Contingency Planning and Disaster Recovery
erty coverage typically protects your small business against the followingperils:
1. Fire, plus extended coverage, such as:2. Lightning3. Explosion4. Windstorm/hail5. Smoke6. Aircraft or vehicles7. Riot or civil commotion8. Vandalism9. Sprinkler leakage
10. Sinkhole collapse11. Volcanic activity
Broad form commercial coverage includes basic coverage for fire (peril#1) and extended coverage (perils 2–11), in addition to:
12. Breakage of glass13. Falling objects14. Weight of snow, ice, or sleet15. Water damage
Special form coverage provides so-called all risk protection. The termall-risk is misleading, because it doesn’t necessarily cover all risks, it typi-cally covers basic form risks, broad form coverage (perils 1–15), and othercauses of loss, such as earthquakes, unless the peril is specifically excludedfrom coverage. Read your insurance policy carefully to understand whichperils are excluded from coverage. Property coverage options may in-clude endorsements, or additional risks covered. Table 1.1 lists some ofthe endorsements that may be available for coverage under your insur-ance policy.
This table does not present an exhaustive list of perils for whichendorsements may be obtained, but it is sufficient to start you thinkingabout the types of risks you should discuss with your insurance broker.The design of your insurance program will be highly customized to suitthe unique needs of your small business. For example, like many smallbusiness owners, I (Donna) maintain a refrigerator in my office stockedwith fruits and other perishable foods for consumption by employees and
Preparation 77
visitors to the office. When our office building lost electricity, the foodwas spoiled and we had to throw it out. We were not reimbursed for thisloss, as I believed that it was a loss we could afford to bear and so did notseek to include such an endorsement in our insurance policy. However,if my small business were a restaurant, it would be an altogether differ-ent matter. Imagine if the supply of electricity to a restaurant were dis-rupted. The business could easily lose $50,000 or more due to spoilageof meats and fish. For a food-service business, a policy endorsement forrefrigerated food spoilage coverage may be critical.
To ensure a prompt and fair settlement at the time of loss, your in-surance policy will likely specify the valuation method used to determinethe value of your assets covered under the policy. Your policy may pro-vide for replacement cost, or the actual cost of replacing an asset, with-
Table 1.1 Possible Endorsements to Property-Casualty Policies
Accounts Additional Automatic Automatic Boiler andreceivable insured annual increase annual increases machinery
endorsement in building limit in businessof insurance personal property
Civil Consequential Crime Data processing, Debrisauthority loss and hacker’s removal
insurance
Earthquake Electronic Fine arts Fire protective Improvementsmedia and equipment to therecords discharge property
Increased Inland marine Intangible Loss of rents Mechanicalcost of property, such breakdownconstruction as trademarks
Mobile Personal Personal Property of Refrigeratedproperty property of property off others under your food spoilage
your employees premises care, custody, and coverageand/or controlcustomers
Signage Trees, shrubs, Transportation Utility services Valuableand other and other papers andoutdoor landscaping records—costproperty of research
78 Contingency Planning and Disaster Recovery
out deducting depreciation. It may provide for an actual cash valuation,that is, the replacement cost of the asset less the accumulated deprecia-tion. Finally, the policy may specify that the valuation method is an agreedamount or functional replacement cost. This is the method most com-monly used for works of art and other unique items for which it can bedifficult to obtain an objective valuation.
By the way, items such as plants and fish in the office aquarium aregenerally not insurable, but the aquarium itself and its equipment areinsurable. Property insurers won’t underwrite the cost of replacing liv-ing organisms, such as plants and fish. They consider aquarium fish tobe pets. But the aquarium, filter, plant pots, and so forth are propertythat can be insured. I (Donna) share this with you because I have a sooth-ing 25-gallon aquarium in my office. The maintenance person who comesperiodically to service the tank related an anecdote of another of hisclients who had a large salt-water aquarium gracing the reception areaof his small business, a commercial real estate brokerage. Because heconsidered it a decorative item, he had not thought to obtain insurancefor it. It was damaged in a disaster and the cost of replacing it was $50,000.He could have insured it for several hundred dollars. Photographs andreceipts can be helpful in documenting the loss, because obviously thereis no standard replacement cost for such items—an aquarium can be amodest desktop unit with 10 gallons and a few goldfish, or it can be acustom-built floor-to-ceiling decorative piece with exotic fish, as thisgentleman apparently had in his office. Receipts and photographs willhelp you to come up with a fair assessment of the replacement cost.
We generally recommend electing to value assets on the ba-sis of replacement cost. It facilitates settlement of your in-surance claim by avoiding a discussion of accumulated depre-
ciation on each damaged asset. It also provides you with the fundsyou need to replace damaged assets immediately. We are particularlysensitive to insuring IT equipment. The PC you bought five years agomay no longer be available, and you and your insurance company willhave to identify a model available on the market with comparablefeatures to your old PC in order to establish a fair replacement cost.We recommend keeping records of the functional specifications of yourIT equipment for that reason. If you know the memory, disk size, andother functional specs of your machine, you can easily identify a com-
Preparation 79
parable model. If you record that information now, it will save you timeand aggravation should disaster strike later. In disaster-recoverymode, you don’t want to waste time searching through old sales lit-erature to determine the processing speed of your damaged computerfor the purposes of identifying a comparable model.
Before we conclude our discussion of property insurance, we wouldlike to call your attention to a specific insurance policy endorsement thatis rarely considered by small businesses: disruption of electrical supply.We know of many small business owners in Lower Manhattan who electedto forego coverage for this peril, believing that the surge protector equip-ment that they had in place was adequate to protect their computerequipment from anticipated fluctuations in electricity supply deliveredto their offices. The attack on the World Trade Center changed thoseassumptions. Much of Lower Manhattan was left in the dark for daysfollowing the disaster, and businesses cannot operate in the dark. Con-sider carefully whether you wish to purchase coverage of additional per-ils, and if so, at what cost.
This section of the chapter is titled “Property-Casualty Insurance”;“casualty insurance” is insurance-speak for liability insurance. Liabilityinsurance protects the assets of your business in the event that you or oneof your employees is accused of an act that causes injury or damage toanother person or property, or that such injury or damage is the resultof your failure or the failure of one of your employees to take action toprevent such injury (also known as negligence). Liability insurance typi-cally covers not only the costs of the damages, but also the legal and otherexpenses associated with resolving the issue of liability. In the context ofthis discussion, remember that we are considering liability insurance withrespect to contingency planning for a disaster—an event that disruptsoperations at one or more of your business sites. The needs of your smallbusiness for liability insurance (and property insurance) are muchbroader than what we are presenting in this book. For example, we wouldrecommend that your business carry employment practices liability in-surance to protect your business against claims of sexual harassment,wrongful termination, or other types of employment-related lawsuits.However, this need is unrelated to contingency planning, based on thedefinition of disaster we set forth in the Preface. Similarly, professionalliability insurance is a coverage we would recommend for professionals
80 Contingency Planning and Disaster Recovery
such as physicians, dentists, architects, engineers, or attorneys to protectthem against liability for negligence or malpractice. However, this is atopic for a general primer on business insurance, not for contingencyplanning and disaster recovery.
Liability insurance policies might include endorsements for personalinjury (arising from claims made for libel, slander, and so forth), hostliquor liability, fiduciary liability, or fire legal liability. With respect todisaster planning, there is a risk that your business could be held liablefor injury or damages should you have inadequate contingency plans inplace. For example, imagine that a fire occurs on your premises. Themain entrance to the office is burning and so you must seek an alternatemeans of egress. The only other exit from your office is by means of aback door that has been boarded up and is blocked by storage boxes andcrates that cannot be removed in a timely manner. Your business couldbe held liable for the loss of life that could have been prevented had therebeen a second, safe, means of exiting your business premises.
There are certain types of liability coverage that we wouldencourage you to discuss with your insurance broker as youdesign your insurance program and your overall contingency
plan. The first is business interruption insurance, a form of insurancethat pays a benefit to your small business following a disaster whenyour business is unable to resume operations. Because this form ofcoverage is so important to your contingency plan, we devote a sepa-rate section of this chapter entirely to business interruption insur-ance. Next, we want to call your attention to commercial auto insur-ance. Certainly we expect that your small business has its vehiclesinsured for physical damage and liability. But what you may not haveappreciated is that you also may require insurance, known as “non-owned automobile coverage,” if you or your employees use personalvehicles when on company business. Imagine that one of your employ-ees offers to drop a package off to the office of your client, becausethe office is located on her route home. If she is in an auto accidentduring the course of that trip, your business could be sued for dam-ages even though your company does not own the employee’s car.Consider carefully whether you should include non-owned automobilecoverage in your overall insurance program. Such a policy also may
Preparation 81
cover rental cars when you travel on business. Hired and non-ownedautomobile coverage is relatively inexpensive and, in our opinion, animportant part of your insurance program. Should a disaster requireyou to operate from an alternate location, you may be renting carsand commingling personal commutes with business tasks; non-ownedauto coverage will protect your business against the additional risksassumed.
When thinking of operating your business from an alternatelocation, consider insurance coverage for your home office. Ifyou work from home, either in the normal course of affairs or
in response to a disaster limiting access to your customary businesspremises, you should update your homeowner’s policy to include cov-erage for the office equipment in your home and business liabilitycoverage for the business activities you conduct in your home. Thiscoverage is not automatically included in a standard homeowner’spolicy. If you rent your home, you may want to include your home of-fice equipment in your tenant’s insurance policy. If your business hasissued equipment to employees for use at home, such as laptop com-puters or mobile telephones, be certain that those assets are insuredthrough your commercial policy. It is an easy mistake to omit assetsfrom your inventory of property, plant, and equipment when they areoff the premises.
Next, workers’ compensation and disability benefits insurance aretypically mandatory coverages for businesses, depending on your state’srequirements. Should a disaster cause injury to an employee on the job,these components of your insurance program will be very important tothe recovery of your employee and your business. Workers’ compensa-tion insurance protects employees against the risk of sustaining a job-related injury. Workers’ compensation insurance covers medical ex-penses, disability income benefits, and death benefits to dependents ofan employee whose death is related to his job. Premiums are assessedaccording to payroll and depend on the industry classification of yourbusiness. An advertising firm would pay lower workers’ compensationpremiums than those paid by a construction company, reflecting therelative risks of injury to employees of those two businesses. That is why
82 Contingency Planning and Disaster Recovery
it is important that you classify employees accurately for their job descrip-tions and wages. If you are adding new employees to your payroll, becertain to update your workers’ compensation coverage to avoid incur-ring an audited additional year-end charge.
Obviously, the risk of incurring workers’ compensation–related claimsincreases with the occurrence of a disaster: employees may injure them-selves while evacuating the business premises, and stress-related injuries,depression, and other types of disorders may occur as a result. Be certainthat your workers’ compensation coverage is up-to-date. Similarly, employ-ees injured in disasters while on the job may require disability benefits.Certain states mandate coverage for short-term disability for all employ-ees. Check the website of your state’s insurance commissioner or consultwith your insurance broker to learn the requirements of your state.
We have three suggestions that may help to reduce your workers’compensation premiums (and possibly enable you to pay for non-ownedautomobile coverage or other insurance coverages that your business mayneed). First, ask your insurance company about merit-rating credits. Inmost states, small businesses that have favorable claims experiences maybe entitled to credits toward their premiums. Second, consider addinga deductible to your workers’ compensation policy. Workers’ compensa-tion typically covers from the first dollar of losses, but most of the statesallow deductibles, which will reduce your costs. Finally, consider forego-ing coverage for yourself or for other officers or directors of the com-pany. Many states let small business owners and certain officers and di-rectors opt out of their workers’ compensation policy. This would lowercosts, but you would be left without workers’ compensation benefitsshould you be injured on the job. This may make sense if you have medi-cal insurance to pay for medical expenses incurred in an on-the-job in-jury or other means of financial support, such as a disability incomepolicy, if you or any of your directors and officers were medically unableto work.
Director’s and officer’s liability insurance (commonly known asD&O) is an executive protection policy that covers directors and offic-ers who may become personally liable for their actions on behalf of thecompany. With respect to contingency planning and disaster recovery,any corporate action that may have increased the company’s loss may giverise to a D&O claim. An employee injury on the job or a fire at the com-pany plant, for example, may result in a suit against the officers and di-rectors of the company for their alleged failure to take steps on behalf
Preparation 83
of the company to mitigate the risk of fire, such as installing smoke de-tectors or training employees in basic safety practices.
Stefan worked at a site in which regularly scheduled fire drills wouldprovoke concern from the firemen when the doors to the exit stairwayswere found to be locked, thereby blocking a safe evacuation by that route.Should a fire occur, the insurance company may deny parts of the claimsfor damages, on the grounds that the building management failed tomitigate potential losses by ensuring that the exits were not locked.
It is important to involve all of your directors and officers indeveloping contingency plans for the business and to ensurethat the directors and officers are adequately protected
against the liabilities that may be incurred in serving the company.Your contingency and disaster recovery plans may one day be reviewedand, with 20-20 hindsight, found to be insufficient by some measure.Limit your liability with the purchase of D&O insurance.
Indeed, the need for insurance expertise may be a considerationwhen assembling your company’s board of directors or advisors. I(Donna) was asked to serve on the advisory board of a high-tech, start-up company, in part because of the company’s interest in my reinsuranceexperience. Each of the members of the board of advisors was recruitedbecause he or she possessed some specific expertise, be it marketing,public relations, or regulatory experience, that augmented the talentavailable to the management team of this particular company. The advi-sors were compensated with stock options, thereby conserving the cashof the start-up operation. You might consider a similar arrangement foryour company.
Along with D&O coverage, we encourage you to consider a “keyperson” insurance policy. If you or any other individual are so critical tothe operation of your business that it could not continue in the samemanner without you, you should consider “key person” insurance to fi-nance the continuity of operations during a period of transition causedby the death or disability of an owner or “key employee” of your smallbusiness. This type of insurance policy is frequently required by govern-ment loan programs, venture capitalists, and banks. If the financial per-formance of the business is dependent on a key employee, the bank orother lender will want some type of protection should the key personbecome incapacitated.
84 Contingency Planning and Disaster Recovery
In addition to key person and D&O coverage, consider purchas-ing excess liability coverage, also known as an “umbrella” policy.This type of policy provides benefits when the limits of the
basic, underlying policy are exhausted. Umbrella coverage allows youto substantially increase your insured coverage for a relatively mod-est incremental cost. The amount of coverage your business needsdepends on the size of the business and what we call the “p-o-m”factor—what you require to have peace of mind.
In determining your insurance needs for contingency planning, takeinto consideration other requirements of your business to ensure thatyou do not omit or duplicate required coverage. For example, if you rentyour office facility, your lease likely specifies that you are required tomaintain insurance on the space you lease and to name your landlordas a beneficiary. In the event an employee or visitor to the office causesdamage to the property, the landlord wants to be certain that you canreimburse that loss. Your type of business may require specific insurancecoverage, such as surety, to provide a guarantee to your customers. Lookat your insurance program in total, not in a piecemeal fashion, to ensurethat your business is adequately covered.
Business interruption, workers’ compensation, key person, disabilitybenefits, D&O liability, non-owned automobile liability, and home officeinsurance are some of the types of coverage you should consider includ-ing in your insurance program as part of your overall contingency plan.As we stated at the beginning of this section, business owner policies oftenoffer a relative bargain, bundling different types of insurance covers fora single premium that may be less expensive than the costs of purchas-ing each additional cover in a separate monoline policy. We have onefinal suggestion before we conclude this section: industry-specific covers.Many insurance companies have developed insurance programs specificto certain industries. A visit to the website of a property-casualty insurer,for example, may list a menu of options of coverage for businesses in thefinancial services industry, or businesses in a certain profession, such asdentistry. These insurance programs include specialty coverage that isadvantageous to the businesses in those designated industries and maygive you free or low-cost access to consultants who can advise you on howto reduce your risk of loss. In our experience, these specialized industrycovers are well worth the premium. They also may include business in-terruption protection customized for the unique needs of your business.
Preparation 85
Business Interruption Insurance
A disaster, such as a fire or flood, may interrupt your business. Until yourbusiness recovers from the disaster, it may experience a loss of income,while at the same time being responsible for fixed obligations such asrents and payroll. Property insurance may pay the cost of replacing as-sets damaged by the fire or flood, but your business may have difficultymeeting its obligations until the damaged assets are replaced and thebusiness is once again fully operational. Business interruption insuranceis designed to mitigate that loss.
Let us consider an example. We know a dentist whose premises weredamaged in a storm that shattered the windows and left debris and bro-ken glass throughout the office. Property insurance covered the costs ofreplacing the broken windows and removing the debris and broken glassfrom the dentist’s office. Three weeks were required to assess the dam-age and to make the necessary repairs, during which time the dentist wasunable to see patients in his office. He was liable for his office rent, pay-roll, leased equipment, and other ordinary business expenses during thattime, but he received no revenues. If he had been covered with businessinterruption insurance, he could have demonstrated what his averagedaily revenues had been prior to the disaster, and sought reimbursementof that sum per day for the number of days that his office remained closedfor disaster repair.
Business interruption insurance was generally not well-known withinthe small business community until Hurricane Floyd struck in the UnitedStates and the recent storms in Europe resulted in longer-than-expectedrecovery times for small businesses to resume operations. Frequently, itwas the loss of income, rather than the loss of property (which was ofteninsured), that caused small businesses to file for bankruptcy protection.We have found many small business owners in Lower Manhattan who didnot have business interruption insurance, because they were not awareof it. Imagine if your restaurant or your printing press or your barber shopis closed by civil authority for several weeks. Could you afford to foregothat income, given that you still have obligations to meet?
Business interruption insurance is typically sold as an endorsementto property insurance policies. It indemnifies policyholders for lossesassociated with insured interruptions of their businesses. In effect, it isdesigned to pay your business what the business would have earned hada disaster not disrupted the business operations. Because business inter-
86 Contingency Planning and Disaster Recovery
ruption insurance is an endorsement to a property insurance policy, itcannot be purchased separately. That is, your business must first sustainan insured property loss before the business interruption coverage is“triggered.”
Let’s consider a real-world example. A husband and wife own a sand-wich shop and close the business for three weeks when the husband ishospitalized for major surgery and the wife remains home to care for himduring his period of recuperation. During this three-week period, noincome is earned as the shop remains closed. Can they claim a benefitunder their business interruption coverage? The answer is no, becausetheir business did not sustain an insured property loss. The husband’sabsence from work was independent of the conditions of his business.
Many small businesses will derive limited benefit from certain of thedisaster recovery recommendations in this book, owing to the fact thattheir businesses are immobile. For those businesses, the business inter-ruption coverage is particularly important. Consider a restaurant, forexample. As a restaurant owner, you can (and should) back up your data,such as tax records, employee wage records, customer accounts, andother information. The IT contingency plan recommended in this bookwill prepare you for the first three (and the most common) disaster types:human errors, equipment failures, and service failures. But an event thatdisplaces you from the worksite (caused by environmental hazards, firesand other disasters, or terrorism and sabotage) leaves you with few op-tions. You cannot operate a restaurant or a retail store from a remotelocation, even on a temporary basis. The business interruption is particu-larly important to cover the lost revenues for businesses that cannot re-locate.
We have interviewed small business owners in Lower Manhattan andin Florida who were affected by separate, unrelated disasters, and ourfindings were the same: small business owners were frequently not awareof the possibility of business interruption insurance. Because the endorse-ment is an incremental expense to your property coverage, we stronglyrecommend it. Should your business sustain such a loss, you must beprepared to present a reasonable case for “pro forma” business income;that is, what you would have earned during the period of time that yourbusiness had not yet resumed operations. The accountants for your in-surance company will request documentation of your fixed expenses,such as your office lease and payroll records. They will also request docu-mentation of prior income, such as business contracts and prior period
Preparation 87
tax returns. To the extent that you can produce this information quickly,you can expedite processing of your claim—another reason why youshould prepare for a disaster and keep a second set of business recordsoff-site where you can retrieve them should a disaster strike your primaryworksite.
Selecting an Insurer
Designing an insurance program suitable for the unique needs and lim-ited resources of your small business is an important project. There arethree types of insurance professionals who can advise you with respectto your insurance program:
• Agents are licensed representatives of insurance companies re-sponsible for marketing their products. They typically earn com-missions based on sales volume. An agent may represent only asingle company (a captive agent) or several companies (an inde-pendent agent).
• Brokers are licensed representatives who work with more than oneinsurance company, but represent the interests of the buyer ofinsurance and recommend the insurance program in the bestinterests of the buyer. Like agents, brokers earn commissions basedon sales.
• Consultants may help to assess the needs of the business, designan appropriate insurance program, and recommend a suitableinsurance company. The consultant is paid a fee for his service bythe business. For large global corporations, consultants may earntheir fees by offering specialized expertise with respect to insur-ance requirements in different locales; therefore, their fees maybe considered a wise investment. For small businesses, however,agents and brokers can generally provide the same advice withoutincurring fee obligations to consultants.
We would like to suggest that you consider another resource that isfree to small businesses: SCORE (Service Corps of Retired Executives).SCORE is a program of the Small Business Administration that is staffedby volunteers, retired executives who seek to share their experience andguidance to help small businesses grow and prosper. To find the location
88 Contingency Planning and Disaster Recovery
of the SCORE office nearest you, visit www.sba.gov. Your local SCOREoffice will match you with a SCORE volunteer whose experience is ap-propriate for your needs. We know of several savvy small business own-ers who sought to be matched with SCORE volunteers who were retiredinsurance executives and so benefited from their experience at no cost.
Once you have selected an advisor to guide you through the processof developing an insurance program, you will need to select an insurancecompany carrier. As small business owners, we must husband our re-sources carefully, but we urge you not to select your insurance carriersolely on the basis of premium. Cost should be only one of several crite-ria that influence your purchase decision. Claims-paying ability, or thefinancial strength, of the insurance carrier is another of the criteria youmust consider. Rating agencies, such as Standard & Poor’s and A.M. Best,assess the financial strength of insurance companies based on the qual-ity of their balance sheets, their financial reserves, and other criteria thatdetermine their ability to pay policyholders’ claims. A strong claims-pay-ing rating is evidence of financial strength and the insurer’s ability to paypolicyholder claims. A weak claims-paying rating may be cause for con-cern; as a small business owner you would not wish to pay premiums toan insurance company only to see that the insurance company becomesinsolvent and is unable to pay your claim.
You may obtain the financial rating of the insurance company fromthe agent, the broker, or the company itself. You also may go to yourpublic library and read the reports from A.M. Best or Standard & Poor’sto learn more about the financial strength of the insurance carriers youare considering. You should also do some research about the insurancecompany’s quality of service and record in the small business market.Consult with other small business owners to learn of their level of satis-faction with their insurance carriers. Your state’s department of insur-ance, which licenses insurance companies to operate within the state’sborders, is also a good source of information about insurance companiesand consumer complaints.
We encourage you to consider working with an insurance companypartner of an association that represents the interests of small businessowners. As an association member you are likely to have some assuranceof superior service from the insurer than you would have as a single in-sured entity. We can suggest a few associations for you to look into, suchas NAWBO (National Association of Women Business Owners) and NFIB(National Federation of Independent Business). Dues-paying members
Preparation 89
of NAWBO have access to a range of resources that may be helpful incontingency planning and disaster recovery. The NAWBO speaker’sbureau, for example, may help you to identify fellow members with ex-pertise in insurance and risk management with whom you can network.Fellow members can share with you their experiences with their insur-ance carriers and make recommendations. Finally, corporate partners ofNAWBO include insurance companies that are eager to serve NAWBOmembers and offer specialized services.
NFIB represents the interests of its member small businesses. NFIBalso offers its members discounted property-liability insurance programs.NFIB’s publication, Smart Business, frequently covers insurance and riskmanagement topics and presents case studies of its member businessesthat are very helpful. I (Donna) am a member of both organizations andI find that the benefits to my business far exceed what I pay in member-ship dues, including high-quality service from outstanding insurancecarriers affiliated with these associations.
Some small businesses will find that they are not insurable as risksin the “standard” marketplace and may have to turn to special insurancefacilities that serve the residual, or nonstandard, market. These specialfacilities include the excess and surplus lines market, the national floodinsurance program, and the state insurance underwriting associations.
The excess and surplus lines market consists of insurancecompanies that underwrite special risks. These companies areoften nonadmitted carriers; that is, they are not licensed by
the state insurance departments, so care must be exercised in pur-chasing such coverage. An ordinary commercial insurance broker canrefer you to an excess and surplus lines broker, if he or she is unableto obtain coverage for your risks in the standard market. One engi-neering firm with which we spoke obtained its excess liability cover-age in the excess and surplus lines market when it was unable toobtain coverage in the standard market. Because such coverage isrelatively expensive, your broker should make every effort to place yourinsurance program in the standard market.
The standard market will typically not provide flood insurance inmonoline or business owner’s policies. You may be able to purchase in-surance coverage against losses arising from floods through the National
90 Contingency Planning and Disaster Recovery
Flood Insurance Program if your business property is in a communitydesignated as a special flood hazard area and if that community enforcesmeasures designed to reduce future flood risks. This program is admin-istered by the government’s Federal Emergency Management Agency,and you may obtain further information from their website, www.fema.gov.
Finally, states sponsor pools of insurance companies that underwritenonstandard risks to businesses operating within the state borders. Forexample, the New York Property Insurance Underwriting Association isa pool of insurance companies that underwrite fire insurance in New YorkState. The Association offers fire and extended coverage as well as cov-erage for vandalism and sprinkler leakage to small businesses that areunable to purchase this type of insurance from commercial insurers. TheAssociation also provides business interruption insurance to companiesbased in New York. However, the Association assesses premiums that aresubstantially higher than premiums assessed in the standard market.Special insurance facilities in each of the states offer coverage to thoseunable to obtain coverage in the standard market; for further informa-tion, visit the website of your state insurance commissioner. However,premiums in the nonstandard market are generally more expensive thanpremiums in the standard market, so you should adopt risk managementpractices to facilitate the placement of your risks in the standard market.
Risk Management
Risk management is a set of practices that will enable you to identify andminimize the risks that your small business assumes. Generally, a riskmanagement program consists of four sets of practices:
1. Risk avoidance practices. Your small business should avoid riskyactivities whenever possible. We expect that many readers willchuckle upon reading this, as you say “Of course, no sensiblebusiness owner would undertake risk unless it was necessary tothe business operations and commensurate with reward” and youmay wonder why we are stating the obvious. Yet, we are amazedwhen we read of businesses that sponsor company outings atwhich employees burn the soles of their feet walking across hotcoals in an effort to build camaraderie. Isn’t that a risk the busi-ness could painlessly shed? What arrangements do you make for
Preparation 91
liquor service at the annual company holiday party? Do you ar-range transportation home for those who consume alcohol toavoid the risk of a tragic accident? Consider risks that you canremove from your business without diminishing your businessoperations.
2. Risk reduction practices. Seek to reduce the risks you cannotavoid. For example, you might install a security camera in yourretail store to reduce theft. You might place smoke alarmsthroughout your office to detect smoke and fire. You might pro-vide your workers with specialized equipment to reduce the riskof workplace injury. You might adopt a policy of not allowing keyofficers of the company to travel together on the same airlineflights.
3. Risk retention practices. You will retain some risks and insureothers. You may choose to increase the risks you retain by rais-ing the deductible. Higher insurance deductibles generally meanlower insurance premiums. Higher insurance deductibles gen-erally also reduce the frequency and likelihood that your busi-ness will file claims, and a favorable claims experience also re-duces premiums. Be certain that you have set aside sufficient cashin a reserve fund to pay the losses until the deductible is reachedand to cover your essential business expenses until at least partof your insurance claim is paid.
4. Risk transfer practices. Some of your risks may be transferred byinsurance, some may be transferred by other means. For ex-ample, if you provide advisory or consulting services, you mayrequire your clients to sign an indemnification agreement, inwhich they hold you harmless from liability for the advice youprovide.
A sensible risk management program, one that reduces yourrisks, may make your business more desirable to insurancecompanies in the standard market and reduce the risk that
you will have to pay more expensive premiums in the nonstandardmarket. We conducted an informal survey of twenty commercial in-surance brokers and asked if they could identify the mistakes mostcommonly made in risk management and insurance programs by smallbusinesses. Here are the three most commonly cited mistakes citedin our unscientific survey:
92 Contingency Planning and Disaster Recovery
1. Failure to obtain adequate insurance on vehicles used for busi-ness purposes.
2. Failure to cover family members who work for the business un-der workers’ compensation and disability insurance programs.
3. Failure to review the insurance program on a regular basis toensure that it remains suitable and appropriate to the businessas the business grows and changes.
Running a small business involves the assumption of risk. Don’t as-sume more risk than is necessary; make certain you have an appropriateinsurance program in place to cover losses.
Other Measures
Should disaster strike your small business, you will likely need extra fundsto cover uninsured losses until your deductible is reached and you mayincur additional expenses in activating alternate business sites and pay-ing expenses until your insurance company pays your claim. We learnedan unusual variant of this lesson on September 11, 2001. Many peoplecarry little cash on their person to minimize the risk of loss due to theftand perhaps to impose spending discipline. On September 11, whenworkers and residents of Lower Manhattan had to evacuate their workpremises, many found that they could not obtain cash from ATM ma-chines and their normal commute home was disrupted. My banker(Donna), who lives in New Jersey, had to walk on foot across the Brook-lyn Bridge and then needed funds to get home to New Jersey, since thetrain she ordinarily took was not in operation. It took some time beforeshe could find her way home. We now keep some petty cash in the of-fice for emergency use. It seems trivial to consider this, with the easyavailability of electronic funds, but when you experience the inconve-nience of being stranded, you want to ensure that it doesn’t happenagain.
We recommend that you take steps to ensure access to capital whileyour business is running smoothly in the normal operating environment.You may wish to put in place bank lines of credit or obtain higher limitson your credit cards while business is functioning smoothly. After a di-saster strikes, you may have greater difficulty obtaining credit. Your cus-tomers may be slower in paying their obligations to you, which in turn
Preparation 93
may hinder your ability to pay your obligations and may create blemisheson your credit report. Having pristine credit will help you obtain disas-ter-relief financing, which is typically offered in the form of loans.
Having access to capital may give you the funds you need tokeep your business operational during the period of time re-quired to complete a disaster loan package and await dis-
bursement of funds. The old adage applies here: the best time to applyfor a loan is when you don’t need one. Apply for credit lines in thecourse of your normal operating environment that will be available toyou when disaster strikes. Finally, we urge you to do what you can tobuild a cash reserve sufficient to meet three to six months’ operat-ing expenses. It is difficult when you are launching a business to ac-cumulate savings, so we budgeted for business savings, just as weplanned for ordinary capital expenses, until we reached a cash reservefigure that gave us peace of mind. Even if disaster never strikes yourbusiness, the discipline of risk management and financial planning willimprove your business processes.
NOTES
1. Institute for the Future, “Workplace Communications in the 21st Cen-tury Workplace,” study conducted for Pitney-Bowes, May 1998.
2. Even during the World Trade Center attack, cell phone service contin-ued with little interruption. But you might expect the cell phone net-work to be easily overloaded when land-based phone service fails. It istherefore a good idea to have several cell phones from different provid-ers available as part of your contingency planning.
3. Services on the website are available for this purpose: www.getconnected.com and www.lowermybills.com. You enter your telephone area code or zipcode and the service generates charts of available services in your area—long distance, wireless, Internet, and gas and electricity—sorted by price.
95
CHAPTER 2
Response
A disaster strikes. Most often it is something relatively minor: someoneaccidentally pulls the plug of an important piece of equipment or a harddisk crashes. But you do not know at first. Normal operations are inter-rupted and you have to determine what has happened. Your prioritiesare to ensure the safety of your employees, customers, and visitors; tominimize the interruption of your business; and to limit possible dam-age from the interruption.
In an actual emergency, you will not have time to execute an elabo-rate and detailed formal plan unless you run a large corporation andneed this type of administrative coordination to ensure that nothing isoverlooked. You also want to be certain not to overreact to a minor inci-dent or false alarm.
With the exception of severe weather, where you often receive anadvance warning, disaster can strike at any time. The situation will bechaotic. Organizational authority becomes essential even for a smallbusiness. Who is responsible for what? Who takes the lead if a manageris not available? There is no time for debate, which everyone must un-derstand and must be made very clear in the disaster preparation train-ing. For a small business, you do not need a lengthy disaster plan. Whatyou need are simple checklists of specific tasks that must be done andwho is responsible for seeing that they are done. Such checklists will helpyou to react quickly because they will reduce indecision.
Your main role at this point is to remain composed and to present acalm demeanor to your employees. You have invested the time and ef-fort in preparing for a disaster and now your planning should guide your
96 Contingency Planning and Disaster Recovery
actions. Your main concern should be the safety of your employees. As-sess the apparent danger and determine if you need to evacuate thepremises. In most cases this will not be necessary, because you are mostlikely dealing with a technology crisis like the unintentional deletion ofa file, a hard disk crash or a network failure, or simply a false alarm. Butif the cause remains unclear, and some secondary events, like smoke,occur, it is simply prudent to evacuate, and to reconvene at the disasterrecovery site.
You have done some work in preparing for contingency and so canmeet the challenges the disaster presents with a greater degree of confi-dence. You can stay calm because you know that you have backup systemsand appropriate insurance. Your decision process will be rapid becauseyou already know exactly what you have to do to minimize damage andpotential liabilities, so you can stay focused on ensuring continuous vi-tal business operations, like customer service, and protecting companyassets and shareholders’ interests. You will also know that good publicrelations work is now required to ensure a positive perception and un-derstanding of your efforts by your clients as well as creditors.
At the beginning of this book we said that you would soon realize thatyour efforts in disaster preparation will be beneficial for your overallbusiness. You are able to respond quietly, take necessary corrective ac-tions, and know that your data are safe. Be confident: most businessesdo recover from disasters and even learn from them.
IT INFRASTRUCTURE
If you followed our advice in Chapter 1 and developed a disaster strat-egy for your small business, your IT infrastructure should be in goodshape and allow quick and effective response to the events unfolding. Youhave adequate contingency for those issues that are caused by humanerror, equipment, or third-party failure, which are the events that over90% of all small businesses will ever experience. Only a small percent-age of our readers will have to deal with more serious disasters.
Imagine that a disaster just struck. It was unexpected andquick. You will soon face demands from different parties. Ev-eryone will want some assurance, to feel cared for, and to be
recognized. Sometimes this need presents itself in difficult ways:
Response 97
everyone wants his or her particular issue to be addressed right hereand right now and each action taken will be scrutinized. When thedisaster struck, everyone was occupied with the ongoing events, butin the immediate aftermath, as you are trying to implement an or-ganized response, it may seem as though everyone has forgotten theearlier agreements on priorities and time frames. Instead of recog-nizing the damages that were limited, employees may focus theirattention on the inconveniences of the disruption (assuming that youwere so fortunate as to avoid the more serious consequences of adisaster, such as loss of human life).
Expectations may become unrealistic: employees fail to appreci-ate that downtime has been minimized relative to what could havehappened had a contingency plan not been put in place. Instead, theyare resentful of any inconvenience at all. Any lack of compliance withyour contingency plans will become obvious. There will be the odd per-son who had failed to observe backup procedures. Try to contain yourfrustration with the situation. The important thing is the safety ofyour people. With the passage of time, the disruptions in your opera-tions will be viewed as relatively minor events. Remember the saying“This, too, shall pass.”
You may expect that compliance with the contingency plan will notbe exactly 100%. So prepare standard announcements to post through-out the company to inform everyone, as the disaster unfolds, about stepsthat will be taken. You should also have these announcements on yourinternal website before a disaster so that everyone is clear about whichaction will be taken for which underlying business reason. Also, keepstatistics about any type of unplanned interruption of your operations.Soon you will get some valuable feedback on how certain processes canbe improved when it becomes clear how many more user errors versusactual hardware failures do occur.
In most cases, when a disaster happens and people ask for help, yourrole should be to stay calm in the middle of the storm and keep a high-level view to ensure that everyone can make it through this unpleasantexperience as painlessly as possible.
But if you have to deal with serious, life-threatening disasters that arebeyond the ordinary, your focus should immediately shift to protectingyour employees. You might even have to call for an evacuation of the
98 Contingency Planning and Disaster Recovery
office or building. In that case, you have to decide how to protect yourIT equipment. If you expect that the IT equipment will not be affected,you still want to shut down all nonessential systems and services. If youexpect that you will no longer be able to access your equipment remotely,start the automatic emergency shutdown.
Human Errors
Most instances of human error involve the mistaken deletion of a com-puter file. It may be a localized event and you may not need to worrybecause you can rely on your backups at night, from which it can easilybe recovered.
But this is not always the case. Imagine, for example, the following,not too uncommon, scenario. A work group is rushing to finish a pre-sentation to give to a key client later in the day. Just before the meetingstarts, an employee, when trying to incorporate changes, accidentallyoverwrites this document with large sections of text from an older ver-sion of the same document. If you are lucky, the error is discovered be-fore you give your presentation.
Now imagine how this scenario typically plays out. You are upsetbecause the document was not ready on time and you may be disap-pointed about visiting a client with presentation materials that are, inpart, obsolete. In such situations, there is always the tendency to play the“blame game” which makes people defensive and reluctant to complywith the contingency plan, because they feel embarrassed.
This example highlights the need of the requirements outlined inthe preparation part of this book. Nightly backups alone are not enough.They need to be preceded with a campaign of user training and hourlyor on-demand snapshot backups to keep copies of the most recent ver-sions of documents.
The same scenario with our suggested combined effort would haveresulted in a different outcome. The group of people writing the docu-ment would establish guidelines on where to store documents, how toname them, and which version control methods they would use. Theywould also agree on how to merge changes into one final document.
While they are writing the document, each person checks his versioninto the version control system, or at least makes regular copies of the
Response 99
document with an agreed naming convention that would trace the cre-ation of the document, for example, “presentation-11am.doc.” In addi-tion, each user would manually copy the files, such as to a remote onlinebackup system, or launch a file synchronization tool to initiate a snap-shot backup on his progress, such as on an on-site backup system. Thiswould automatically store all changes to his documents on the backupsystem.
An accidental deletion of a document would only mean that the workof this one user from his last backup is lost. If a version control tool wasused, you would roll back to the last saved version. With this more effi-cient process, there should be sufficient time to redo the changes andincorporate them into the final document.
Note, however, that with this “disaster-safe” operation mode youwould not eliminate the possibility that a document would contain wrongor obsolete information. After all, people also make mistakes in the con-tent itself, but user training reduces the possibility of confusing docu-ments with one another.
We would like to discourage contingency plans using data recoverytools that would allow recovering deleted documents from a hard disk.In the small business environment, it is a rare occasion that you wouldhave the time to process this recovery and rarer still that it would beworthwhile to invest the time to do the detective work that these toolsrequire.
It is important that you pay close attention to any events involvinghuman error. These events highlight where your firm may continue tohave issues that need your attention, and it also shows you which employ-ees can handle the size and scope of the overall project. You need toinitiate corrective action as soon as possible, and if data are retrieved fromthe backup system, you should communicate this promptly. Otherwise,you may find that someone has picked up your recovered version and isunknowingly working with obsolete data files.
Equipment Failures
For some reason, equipment failure seems to follow Murphy’s Law. It isalways the most important part that breaks whenever it is most urgentlyneeded. On our last day of work with the manuscript for this book, our
100 Contingency Planning and Disaster Recovery
two main printers ran out of toner and we could not find a supplier inNew York with the correct toner cartridge in stock! Fortunately, we bothhave printers at home with which we could swap parts.
Particularly stressful are network interruptions because they can af-fect many people at the same time. Networks are usually reliable whenproperly set up. It is much more likely that you encounter issues withnetwork congestion because of poor network design, but the componentsthemselves, such as hubs, switches, and routers, are usually stable. If yournetwork traffic stops abruptly, you should first suspect a simple cablingproblem. Did someone pull a cable? Are all the cables still there? Are theyall plugged in properly? Are the uplink switches on the hubs properlypressed? Make sure you know your cables.
I (Stefan) had to deal with a case where someone switched a red cablewith a yellow cable from the equipment room because he thought a redcable would be aesthetically more pleasing. Because there were no sparered cables left, he took one from the patch panel and replaced it withthe yellow cable that he found in a colleague’s office. Most of the patch-ing cables were yellow; we used red cables only to indicate special con-nections, such as between the network switches, so everything appearedfine to us. The next morning the network was down. We needed a net-work tester and it took us some time to discover that the cable that ap-peared to be like all other yellow cables was actually a special cross-overcable that our colleague had used at home to connect his laptop directlyto his home desktop computer, but it was indistinguishable from theother yellow cables in our equipment room.
If your error does not seem to be located with your cabling, take acloser look at your network components. Do they all have power? Youmight want to reboot your routers if you are cut off from the network. Ifyou suspect that a network component has failed, it makes sense to re-place it. You want to take the error investigation “off-line” in its true sense.You should always have spare network parts on hand, unless you took ouradvice for the “double-up” network configuration where any networkcomponent is already available twice. But even then, you want to imme-diately replace faulty equipment.
The next thing that could happen is an equipment failure of somecentralized server. If you followed our advice, you are aware that it isgenerally not a good idea to put many services on the same platform. Ifyou absolutely had to bundle them on the platform, you have to deal withthe fact that several services are down at the same time. Hopefully, you
Response 101
installed a secondary backup server. Depending on the circumstances,it might be necessary to temporarily switch over to this server to providenetwork functionality until the primary unit is back online.
The most important issue when dealing with an equipment failureis to stay calm. Users will scream and managers will ask for updates andstatus reports. Suddenly, everyone seems to have forgotten the previouslyagreed-upon system recovery time frames and you will need to handleit. You could offer a continuous briefing by e-mail or have standard pre-formulated disaster recovery updates available and simply modify themfrom time to time as needed. It is also important to have checklists readyfor certain type of events, in particular, apparent equipment failures. Eventhe most experienced airplane pilots need checklists in case of an emer-gency because under stress they can simply oversee a small, but impor-tant, detail.
Complete system failures can raise the pressure and stress level foreveryone involved in fixing the problem. You need to give your IT staff asmuch support as possible for their efforts and keep distractions out oftheir way. Any minute spent without coming closer to a solution increasesthe stress level. You probably know from your own experience that you aremuch more likely to locate the error right away within the first ten min-utes or it really takes a while until you can figure out what went wrong.
So we strongly recommend that when you respond to a caseof equipment failure that you limit your error search to aboutten minutes. If you have a valid hypothesis on the cause of the
malfunction, you can increase the time somewhat, but set a limit.After that limit is exceeded, replace the equipment. For defective PCdrives you will most likely download a backup image from the backupsystem onto a new hard disk, but your system will again be up andrunning as it was in the morning or at your last snapshot, and anyfurther data recovery—if it is really necessary and makes sense—can be taken off-line.
Sometimes a system simply becomes unreliable. It fails without aspecific cause, but there is no apparent defect. And it happens again justa couple of days later. An unreliable system is not acceptable to any user,but error searching is most often a time-consuming process. So we rec-ommend that you replace the system first, and look at it quietly off-linewithout pressure from the users.
102 Contingency Planning and Disaster Recovery
Service Failures
If one of your third-party services fails, the first thing you want to do isswitch over to the secondary provider that you had in place. Maybe youhave specialized equipment that will automatically do the cut-over for youor you may do it yourself by manually patching network cables. Then callyour primary provider and report the problem and ask for the time frameuntil it will be fixed and request that they send you continuous updateson their progress.
Electricity rarely fails, but there are other dangers, like spikes in thevoltage, so it is a good idea to have both a surge protector and a UPS unitin place that should automatically kick in if the voltage drops below athreshold value. Systems can only run for a limited time on battery power.In most cases, you have just 10 minutes or so. You need to quickly inves-tigate the cause of the electricity failure. Maybe it was just a blown fuse;maybe it indicates an electrical defect somewhere else. If you have notreestablished electricity and the battery is close to depletion, the systemconnected to that UPS should shut down automatically to avoid any lossof data.
When you have your own phone system, it also should have its ownUPS unit. If you subscribe to Centrex service from your provider and haveall analog phone lines, the power is supplied by the phone company it-self.
Environmental Hazards
You need to identify the source of the hazard and determine if the sub-stance is toxic or merely an irritant. In any case, if the substance is re-leased outside the building, a simple effective short-term measure is tokeep all windows closed. If the substance is released inside the building,evacuate the premises immediately. Your staff should know where andwhen to reconvene, either at the site or at an alternate location. How-ever, you want to make sure that you trigger an automatic shutdown ofall nonessential systems and that you lock the room containing the es-sential IT equipment and important documents. If you have chosen touse the RAID solution with one removable drive, take it with you now.You have to take these steps because you are preparing for remote op-eration (stage one conditions), and you will not know when you can go
Response 103
back into the building and who might have access to the systems in yourabsence. Decide if conditions warrant reconvening at an alternate loca-tion at a later time.
Fires and Other Disasters
In the event of fire or a natural disaster, like a tornado or flood, youremployees and your physical assets are at risk. Treat advance warningsof disasters seriously and initiate an emergency backup of essential equip-ment, shut down all nonessential computers, and immediately evacuatethe building. If you happen to have sufficient advance warning, such asin the case of approaching severe weather, you have to decide which levelof backup you would be able to run safely before evacuation becomesmandatory. Before leaving the building, initiate an orderly shutdown ofall IT equipment. With fires the immediate danger is from toxic smokethat spreads quickly. So the precautions for environmental hazards alsoapply. In any case, you need to prepare your alternate site for remoteoperation (stage two), assuming that it will take some time to resumebusiness at your main office.
Terrorism and Sabotage
There will generally not be any advance warning of a terrorist attack. Inthis case you can only do one thing and that is to safeguard your employ-ees and try to find a way to escape. This is not the time to worry aboutbackups; you simply have to leave the area as soon as possible. Nothingunder your control could have prevented this disaster. This type of at-tack is unpredictable.
You should know that you can rely on your remote backup system,and that you have an alternate site from which you can establish anemergency operation.
FINANCIAL LIQUIDITY
If you followed the advice set forth in Chapter 1, you have put in placean insurance program for your small business. In this section we guide
104 Contingency Planning and Disaster Recovery
you through the process of dealing with insured property losses. We beginwith an overview of the steps to follow in preparing your claim. Next, weoffer some suggestions to identify insurance policies implicated in yourbusiness’s property loss and to reconstruct insurance policies. We givesome specific information concerning disaster relief programs for whichyour business might qualify, and because your ongoing business successis dependent on the results of your disaster recovery efforts, we offer somepractical advice to communicate your efforts to all of the stakeholdersin your small business. We begin with the most time-critical element ofsecuring insurance coverage: mitigating losses.
Mitigating Insured Losses
One of the most important activities you will undertake with respect tosecuring property insurance coverage is loss mitigation. You must dem-onstrate to your insurer that you acted in good faith to mitigate the lossesto your business arising from a disaster. Let us develop a hypotheticalexample. Imagine that your office has been burglarized. An intrudergained access to your office by means of forced entry and stole laptopcomputers and some petty cash. You discovered the theft when you re-turned to your office after the weekend. On Monday morning you arrivedat the office to find that a window had been broken, which was presum-ably the means by which the intruder entered your office. You find frag-ments of glass inside the office. Of course, you will notify the police andthe insurance company of this incident. But you must also take steps tomitigate, or limit, your losses.
Your business must repair the window as soon as possible. The bro-ken glass could cause injury to an employee or visitor to the office andshould be safely removed. Failure to promptly repair the window couldgive rise to other types of losses, such as property damage. Imagine thata rainstorm is expected later in the evening. If the window has not beenrepaired by that time, your office could be soaked and computer equip-ment damaged by the exposure. Your insurance company expects you totake reasonable steps to prevent that from happening. If it is not possiblefor a repairperson to immediately replace the window, do what you canto rectify the situation.
Perhaps you could remove the pieces of broken glass yourself and
Response 105
cover the exposed window with material to keep the interior of the of-fice as dry as possible. You could remove sensitive electronic equipmentfrom the vicinity of the broken window such that the equipment won’tbe exposed to the elements. You could have someone remain in the of-fice, after hours if necessary, to ensure that no one else enters the officeby means of that window until it can be replaced. There are various waysof responding to the situation to show good faith in limiting your insuredlosses to the original loss event of theft. Insurance companies are not verytolerant of passive policyholders who fail to act in their interests to limitlosses.
In connection with your loss mitigation efforts, you should immedi-ately restore any property protection systems that may have been dam-aged in the disaster, such as fire sprinklers and burglar alarms. Theseefforts will serve to limit subsequent insured losses to your business. Assoon as possible after the disaster, verify that your property protectionsystems are operational. If you lease space in a multitenant facility, youmay need the help of your landlord or building management to completethis task. Your efforts may be complicated if your landlord is not on-siteor cannot return to the facility immediately following the disaster. As partof your preparation efforts, you may request in advance an alternatecontact number for your building management company in the event ofan emergency. Or you may ask your building manager to supply you withdirect contacts for service providers to the building, such as buildingsecurity. If you have good relations with your neighboring tenants, youmay elect to share this responsibility and distribute a contact list to di-vide and conquer. For example, you could call the company that installedthe smoke alarms and water sprinklers in your office building to reportany malfunctions of that equipment. The tenant who occupies the officeadjacent to yours may contact the security company responsible for thebuilding alarm system.
Working to restore common services provided as part of your officelease can be a sensitive issue. Your building management company likelywants to assume responsibility for this function, but if they cannot gettheir staff on-site in a timely manner, you need to demonstrate that youtook steps to mitigate your property losses, irrespective of what the build-ing management could or could not do in any particular situation. Werecommend that you have a conversation with your building manage-ment staff before a disaster strikes. Ask them what they would like you
106 Contingency Planning and Disaster Recovery
to do in a situation in which they cannot be reached and building equip-ment necessary for common security is malfunctioning. Then documentthe conversation with a brief follow-up memorandum. It is worth the houror so invested in this effort to avoid costly misunderstandings.1
If it is not possible to immediately restore property protection systemsfollowing a disaster, post a watchperson. You may elect to hire a securityguard to remain on the premises who would be responsible for alertingthe police to any suspicious activity. You may choose to alternate employeeshifts to cover this duty. Be certain to document the additional effort andexpense incurred in mitigating your losses, which will be important tosecuring your insurance coverage. Such expenses are reimbursable byinsurance companies, because they want to encourage loss mitigationefforts!
Once you have restored service to any damaged property protectionservices (or put in place other means to compensate for the temporaryloss of such services), your next step is to notify all of the insurance com-panies whose policies may be implicated in your property loss. Promptnotification is essential to establishing your claim. Your policy almostcertainly specifies a time period following a disaster during which youmust report any losses in order for you to claim policy benefits. Read yourpolicy carefully so that you are aware of any deadlines for reporting losses.Make certain that at least one other person in your business is also fa-miliar with the provisions of your insurance policy.
As you have read throughout this book, the key theme of contingencyplanning is developing redundant capacity to respond to a disaster. Thisincludes redundant IT capacity (such as backup systems), redundantfinancial capacity (such as insurance), and redundant staff capacity. Ifyou are incapacitated in a disaster, it is critical that you have a colleagueor employee who can move the response process forward. It is morelikely that you will not be incapacitated in a disaster; but that you willneed all of the assistance and support you can get to react to thesituation.
I (Donna) have a friend who owns and manages a company that de-signs furniture specially developed for ergonomic considerations. OnSeptember 11, 2001, she was in Los Angeles, presenting her product lineto a potential buyer. She remained stranded in Los Angeles for some daysfollowing the tragedy until the airports reopened. Meanwhile, her NewYork staff was unaware of the insurance arrangements that she had in
Response 107
place for the business, which had sustained property damage. With notelephone service to Lower Manhattan, she was unable to advise themwhat to do. She attended to the matter immediately upon her return, buta prompt response could have accelerated the claims payment. You knowhow critical cash flow is to a small business; a delay of one to three weeksof an insurance claim settlement makes a difference. My friend haslearned from the experience and has been more open about sharing suchinformation with her staff. People genuinely want to be helpful in suchsituations; make it easy for them to help you by giving them the tools theyneed.
If you are in doubt as to whether or not an insurance carrier may beresponsible for covering certain of your insured losses, err on the sideof caution and notify them of the disaster. You should also considerwhether to give notice to insurance companies whose policies have ex-pired or to those who underwrite your excess coverage. If notifying aninsurance carrier on an expired policy sounds like madness, let us clarifythe point. Insurance professionals distinguish between multiple timeperiods based on when loss events occur and when the loss events aremade manifest. Consider an example that caused terrible dislocation tothe insurance industry: coverage for asbestos-related risks.
Materials that we now consider toxic, such as asbestos and lead paint,were commonly used in constructing buildings many decades ago. Work-ers may suffer respiratory symptoms and health problems as a conse-quence of their exposure to such substances, but it may be some timeafter the exposure that a medical diagnosis is made. The Lloyd’s of Lon-don insurance market paid substantial claims to cover losses that resultedfrom the exposure to asbestos (if exposure occurred when such policieswere in force) even though in many cases the consequences of the ex-posure were not apparent until years later, often after the expiration ofthe original insurance policies.
Let us move from this real-world example to a hypothetical one. Letus say that you have an insurance policy covering losses incurred over theperiod January 1, 2000, through midnight December 31, 2000. On Janu-ary 2, 2001, your building is evacuated due to an exposure to a hazard-ous substance. Although your insurance policy expired at year-end, it maypay a benefit if it is determined that the hazardous exposure occurredprior to midnight on December 31, 2000. Perhaps the exposure occurredwhen the policy was in force, but the exposure was not noted until sev-
108 Contingency Planning and Disaster Recovery
eral days later, when a noxious odor was detected. It may be worthwhileto investigate expired policies to determine if they are implicated in yourinsured loss.
It also may be appropriate to notify the insurer that underwrites yourexcess coverage. If it appears that you will exhaust the underlying limitsof your basic coverage and trigger the excess cover, your excess linesunderwriter should be notified. If you are in doubt, err on the side ofcaution and give notice. If it is subsequently determined that your lossesare within the limits of your basic policy, no excess cover benefits will bepaid, but at least you will not have precluded filing such a claim by fail-ure to give timely notice of the loss.
Your next step is to prepare a preliminary report for your insureroutlining the type of loss, the date and time of the loss, the location ofthe loss, a contact person at your company (this is a task you may preferto delegate when you are in disaster-operation mode), and the propertyimplicated in the loss. Advise your insurer if the affected property isprotected from further damage or if any facilities require temporaryenclosures. You should also let them know if any utility lines have beendamaged and are in need of repair.
In the event of a large-scale disaster, your insurance company willhave a so-called CAT team in place to respond to it. CAT is insurancejargon for “CATastrophe,” and CAT teams are assembled to deal withthese extraordinary events. This means that to ensure a prompt response,your insurance company has likely mobilized a team in a location re-moved from the disaster. I (Donna) have my insurance with a companythat is headquartered in New Jersey, but the contact person assigned tomy claim was based in the company’s Colorado office. He coordinatedhis efforts with a local colleague, when it was necessary to inspect mydamaged property.
The advantage of this system is that your recovery process will not bedelayed by reliance on a local insurance office that is recovering fromthe same disaster that struck your business. In my case, it meant thatcritical staff on-site in New York could be mobilized to inspect damages,while a remote team in Colorado (that was presumably not disrupted onSeptember 11, 2001) could perform all of the necessary administrativetasks to process business claims.
We share this information with you because certain of our neighborsdelayed filing claims until telephone service was restored in Lower Man-
Response 109
hattan, where their local insurance offices were based. Don’t delay—yourinsurance carrier will put a CAT team in place to deal with the disasterand you can communicate with that team by e-mail and by fax. Visit thewebsite of your insurance carrier to see if any announcements have beenposted for policyholders affected by the disaster and follow the instruc-tions contained therein.
Unless otherwise directed by instructions on your insurer’s website,prepare and submit your preliminary report to initiate the claims pro-cess, but remember that it is not the final word on the subject. As youinvestigate the damage to your business caused by the disaster, you willlikely revise the report. You should identify and separate the damagedfrom the undamaged property. Segregating the damaged property re-duces the risk that further damage will be caused when, for example, anemployee unwittingly begins to prepare your insurance report on a PCwith a hard disk with data that had been corrupted in the disaster andthe software was about to crash.
We recommend that you inspect your IT assets at least twice to makecertain that you have not overlooked anything. I (Donna) began hear-ing unpleasant grinding noises emanating from my PC when I returnedto my office following the September 11 disaster. I suspect that I had notheard those noises earlier in the damage assessment process because ofthe background noise of work being done outside of my office buildingto restore other third-party services that had been disrupted. By review-ing each IT asset twice, I avoided the error of filing an incomplete claimsreport. Once Stefan heard the grinding noise, he recommended thereplacement of one of the two mirrored hard disks I have in my PC be-fore more serious problems could arise from the disk—another exampleof loss mitigation efforts!
Your next step is to begin the salvage operations. Assess whetherproduction can be restored at the damaged facilities, and if so, make yourbest estimate as to when restoration is likely to be complete. Determineif your equipment can be repaired and if substitute parts and componentsare readily available. Investigate the possibility of recovering lost produc-tion time through overtime work, use of other suppliers, or processingof existing stock in inventory. The result of this process is a plan, devel-oped with the input of your insurance company, to make the necessaryrepairs, secure access to alternate operating facilities, and identify otherloss mitigation efforts.
110 Contingency Planning and Disaster Recovery
Securing Insurance for a Property Loss
The first, critical step in securing insurance for your businessproperty losses is to mitigate your losses, as we have dis-cussed. As a follow-up to that effort, you should establish
accounting procedures to track damage to property, plant, and equip-ment; damage to inventory; and costs incurred to mitigate thoselosses. Begin by establishing separate accounts to track all loss-related expenses. It is critical that you document all expenses paidto restore the business and get it up and running. If you purchasedbusiness interruption insurance, begin to document the revenues yourbusiness lost as a direct result of the disaster. Were customersunable to reach your business because civil authority had closed thepremises? If you operate a business that relies on customer traffic,such as a retail store or a restaurant, every day that your facility isclosed results in lost revenues and increased expenses. Becausebusiness interruption claims can be very large, it is possible that yourinsurance company will use the services of a third-party adjuster, inaddition to its own internal adjuster. An external adjuster, typicallya certified public accountant, is paid a fee by the insurance companyto investigate and substantiate claims, so be certain to have accu-rate records.
To secure business interruption insurance, you must first determinethe period of interruption. This is not necessarily a simple task. Considerour experience of the attack on the World Trade Center. Lower Manhat-tan was closed on September 11, but I (Donna) was allowed to reentermy office on September 18. However, not all services were available tosupport normal business operations at that time, so our interruption wasonly partially remedied. You may be able to operate on a limited basisfor some period of time before full recovery is complete.
Make your best effort to assess lost production as reflected in mar-keting and sales records. Compare what your business would have pro-duced had the business not been interrupted with what it actually pro-duced. The shortfall is the gross lost production. From the gross lossproduction figure, deduct any sales or production that your business wasable to restore by using alternate offices, employing overtime workers,or other means. The difference is the net loss of production to which you
Response 111
add the additional costs incurred in replenishing inventory and the ex-penses associated with loss mitigation. The result is the business interrup-tion loss.
Other loss-related expenses relate to costs incurred to restore thebusiness, such as:
• Overtime wages paid to employees who work to restore the busi-ness.
• Lease payments made for your alternate office facility when yourprimary office facility has been rendered unusable by the disaster.
• Meals purchased for employees who worked overtime or off-siteas a consequence of the disaster.
• Watch protection expenses paid to security guards whose serviceswere required as a consequence of the disaster.
• Costs of purchasing property for temporary business use.
It is not practical to produce an exhaustive list of such expenses, butyou get the idea. Agree to a system for tracking these expenses; if in doubtas to whether an expense would be loss-related, agree on a means to “flag”it so that it can be reviewed at a later time with your accountant. You maybe able to deduct from your business taxable income loss-related ex-penses that were not reimbursed by insurance, so it pays to track theseexpenses with care.
For example, following the September 11 disaster, some small busi-nesses in Lower Manhattan reimbursed their employees for the addi-tional commuting expenses that they incurred in coming to work. Thetrain from New Jersey to the World Trade Center is no longer operational,and several subway lines were closed. Clearly these expenses are relatedto the disaster. By the way, we recommend paying employees a reason-able per diem allowance for additional commuting expenses, rather thaninvest time and effort in assessing the commuting pathway of each per-son. Because the commuting expenses are trivial relative to other typesof expenses, you should invest your time accordingly.
Be certain that each of your employees knows how to collectand record all loss-related documentation, including invoices,contracts, and timecards. The period immediately following a
disaster is likely to be a bit chaotic, and you don’t want to make extrawork for yourself by having an inconsistent, or incomprehensible, track-
112 Contingency Planning and Disaster Recovery
ing system. Expenses incurred in connection with professional ser-vices, such as expenses for the services of a certified public accoun-tant or an attorney, are generally not covered by insurance policies.
Finally, you must prepare and submit your claim to the insurancecompany. The submission should include the date, location, and natureof your loss; the amount of loss claimed explicitly identified by categoryof loss; the lost revenues covered by business interruption insurance; andthe expenses incurred to mitigate the losses. Attach supporting documen-tation for each claim of damage. If you need additional time to prepare,ask your insurer for a written extension of time to submit your claim.
Proper organization and documentation of your claim is vital. I(Donna) received a telephone call from my insurance adjuster’s CATteam thanking me for the best-prepared claim she had received! (Shewas not surprised when I told her that I had been a senior executive witha leading reinsurance company and so understood the procedures.)During the course of our conversation, she related to me, on a no-namesbasis, the sloppy nature of many of the reports she had received forpolicyholders. I received full payment within three days of filing my claim.I don’t relate this anecdote to be self-serving, but to demonstrate how itis in your interest to organize your materials and document your submis-sion.
Think about the consequences of the disaster you have experienced.You know how disruptive it was to your business and to your personal lifeuntil some sense of normalcy could be restored. Now imagine that thedisaster was of a severe nature, such as a flood or earthquake. Manybusinesses in your area would be affected and your insurer would bedealing with many policyholders at a time. As you and your staff areworking overtime to respond to the disaster, the insurance adjusters aredoing the same. If you were an insurance adjuster, which would youhandle first—the well-organized submission with supporting documen-tation, or the incomplete submission that had been prepared in haste?You expedite the response process by making life easier for your insur-ance adjuster.
I organized my losses by type and attached written estimates of thecost of repair. The adjuster had only to review a bulleted checklist toensure that my claims were covered under my policy, review the support-ing documentation, and contact third-party service providers to ensurethat replacement costs were accurate and then organize an inspection
Response 113
of my premises. Once that task was complete, a check was issued to covermy damages and then the adjuster could resume the interpretation ofthe many other disorganized submissions she had received from otherpolicyholders. Based on our telephone conversation, I would say sheappreciated the ease with which my claim could be processed. Cooper-ate with your insurance company’s adjuster; it will make the response andrecovery processes easier for both of you.
Identifying Implicated Policies
When your business sustains disaster-related losses, it is im-portant to review all of the insurance policies that may pro-vide coverage for the losses and liabilities to which your busi-
ness is exposed. Remember that you must give timely notice of yourloss to the insurance carrier. Failure to do so could disqualify yourclaim from coverage. Therefore, you should invest the time and effortto identify all insurance policies implicated in the disaster, rather thanforeclose options for coverage by limiting the scope of your review.Begin with insurance policies for first-party property losses thatcover direct property damage, including collateral damage (such asfrom smoke, ash, or soot) and indirect property damage, includingbusiness interruption losses and loss-related expenses. Next, reviewthe following:
• All-risk policies (policies that cover risks to your business exceptfor those that are explicitly excluded).
• Named peril policies, such as policies covering fire, flood, and otherperils.
• Business owner’s policies—the package coverage we recom-mended.
• Policies covering particular endorsements, such as boiler andmachinery policies, interruption of electrical supply, and so forth.
• Homeowner or renter policies, if you operate some part of yourbusiness out of your home and sought additional coverage for it.
• Valuable papers and records policies.
The next step in your review process is the evaluation of businessinterruption insurance for businesses closed by property damage or
114 Contingency Planning and Disaster Recovery
government action. Such losses may be covered under an endorsementto your first-party property policy, or your may have a business interrup-tion policy or a cancellation policy.
You should review possible workers’ compensation claims to deter-mine compensation for disability, including physical and psychologicalinjuries to survivors of the disaster, and compensation to family membersof victims of the disaster for lost wages. (You also may obtain assistancefrom the Social Security Administration to expedite delivery of checksdelayed by the disaster and for assistance in applying for Social Securitydisability benefits.) Review your workers’ compensation insurance policy,your disability benefits policy, and your employment liability policies. Alsoconsider life insurance policies and “key person” policies for your smallbusiness in the event the disaster caused a loss of human life.
For injuries caused by the disaster to visitors to your premises, or forinjuries to directors and officers not otherwise covered under workers’compensation, you should review the relevant health insurance policies,short-term and long-term disability policies, and travel accident policies.You will also need to consider possible claims against directors and of-ficers for any actions that they may have taken on behalf of the companythat are said to have increased the losses to the company. In that con-text, review executive protection policies and your D&O coverage.
Next, evaluate damages to any boats or water-borne vessels and re-view any marine insurance policies. For damage to automobiles, youshould review business automobile policies, personal automobile policies,hired car policies, trucker’s policies, motor carrier policies, and garagecoverage.
You need to consider liability for third-party claims for any lawsuitsbrought against your business or any of its employees for harm or injuryto property or persons arising from the disaster. Review your commer-cial general liability policies. If there is a possibility of pollution damageand cleanup claims, review your environmental impairment liabilitypolicies. If your business was involved in producing structures or equip-ment implicated in the disaster, you may be at risk for errors and omis-sions claims. Review your professional liability policies accordingly. If thedisaster struck an overseas business facility, investigate your local cover-age. Some governments require foreign businesses to purchase insurancecoverage from local carriers.
Finally, review insurance policies for your business that have expired,to ensure that no precedent events to the disaster occurred during a
Response 115
period of prior insurance coverage. Review your excess and umbrellapolicies, both commercial and personal. This checklist may seem exces-sive, but the effort to review the policies is well worth it. Your businesshas paid premiums for insurance coverage and you should seek to col-lect the claims to which you are entitled. We hope you reviewed yourpolicies carefully when you purchased the coverage so that you are gen-erally familiar with the provisions of the policies. Your insurance carrierwill likely inspect your books and records; in the event your records weredamaged in the disaster, make available your backup copies that youmaintained off-site.
Finally, be aware that you may have to satisfy different deductibles fordifferent insurance policies, or different components of the same busi-ness owner’s policy. As you prepare your financial plan to recover fromthe disaster, include in that plan the costs of satisfying different deduct-ible requirements.
Reconstructing Insurance Policies
If your policy documents are not readily available, or were destroyed inthe disaster, you may have to reconstruct the insurance policies for yourbusiness. Fortunately, this is not as difficult as it might seem. Insurancepolicies are generally “boilerplate” documents; that is, they are standard-form documents used throughout the industry. Even if you cannot ob-tain a copy of the exact insurance policy that you purchased, any com-mercial insurance broker can supply you with a standard-form policy andprovide some guidance as to your likely insurance coverage. Begin withinternal documents of your company, including the following:
• Legal department.• Human resources department (particularly for insurance policies
related to employment practices liability, workers’ compensation,life insurance, health insurance and disability benefits).
• Accounting, finance, or purchasing departments.
Of course, if your business has fewer than 20 employees, it is unlikelythat you have organized functional departments as such. But you mayhave an employee assigned to handle human resources matters, for ex-ample, who has records of insurance programs. You also may retrieve
116 Contingency Planning and Disaster Recovery
secondary proof of coverage, such as electronic images of your insurancepolicy, from your electronic data stored off-site.
Once you have exhausted those possibilities, consult with externalsources for copies of your insurance policy, such as your insurance bro-kers or insurance company. Remember that if you purchased surpluscoverage for your business, you likely did so through a specialized sur-plus lines broker, so contact both your commercial insurance broker andyour surplus lines broker. If these parties cannot produce copies of yourinsurance policy, request any other documents they may have relating toyour coverage, such as copies of claims files. The Insurance Commis-sioner of your state also may provide assistance or counseling with respectto insurance problems and questions, including obtaining copies ofpolicies, claims filing, and expediting settlements. For inquiries relatedto flood insurance, you should contact the National Flood InsuranceProgram.
Your last alternative is to seek secondary proof of coverage fromexternal parties, such as:
• Additional named insureds under your policies.• Consultants.• Claims adjustors.• Outside legal counsel.• Outside accountants or auditors.• Agencies of federal, state, or local government.• Leasing companies with which you do business.• Financial institutions.• Any other party that may have required evidence of your insurance
coverage.
There are various means of reconstructing your insurance policy,should it be destroyed in the disaster. The checklists we have providedhere are not exhaustive. For example, following the disaster that occurredat Mount St. Helens, a former colleague could not retrieve her insurancepolicy. However, she was able to obtain the policy from a local office ofthe Small Business Administration (SBA). The SBA had required her tohave insurance in place as a condition of her business’s participation inan SBA-sponsored program. I (Donna) once worked with a biotechnol-ogy firm that sustained losses when Hurricane Gloria struck Connecti-cut nearly 20 years ago. The biotechnology company had received ven-
Response 117
ture capital funding and, as a condition of that investment, had to main-tain certain insurance coverage in force. As a consequence, the venturecapital firm (which was based in California and was unaffected by thehurricane) was able to express-deliver original policy documents to themanagers of the biotech company so that they could prepare their claimsfor property damages.
Two final examples: A friend whose office had sustained damage inthe Northridge earthquake was able to obtain her policy from her land-lord. The management of the commercial building where she leased asuite of offices for her company required certain insurance coverage asa condition of her lease. Fortunately, the management company pre-served these documents off-site, so that they could be retrieved follow-ing the earthquake. I (Donna) have a French friend, a former fashionmodel with an M.B.A., who provides bespoke (customized) shoppingtours of Paris and Milan to foreign tourists. Her business records andinsurance policies were destroyed in the floods that caused great dam-age in France not too long ago. She was lucky: the reinsurance companythat covers her primary insurance carrier had requested copies of ran-domly selected insurance policies as part of a routine audit. Hers wasamong the sample and the reinsurance company was able to give herappropriate documentation to secure coverage of her losses.
To briefly summarize the recommendations of this section: shouldyour insurance policy be destroyed in a disaster, you may reconstruct thatpolicy by consulting the following sources in the following order of pref-erence:
1. Internal sources for policies.2. Internal sources for documentation relating to insurance cover-
age.3. External sources of policies.4. External sources for documentation related to insurance cover-
age.
Of course, we hope that your contingency plan provided for secure,off-site storage of key company documents and records so that if yourinsurance policy is destroyed in a disaster, you will not lose time tryingto contact external parties for assistance in policy reconstruction. How-ever, if you had to learn the lesson about off-site backup of critical docu-ments the hard way, we hope that these suggestions for policy reconstruc-
118 Contingency Planning and Disaster Recovery
tion accelerated your response to the disaster. Finally, the cost of procur-ing these documents may be covered under your insurance policy if youelected an endorsement for valuable papers.2
Issues Relating to Employee Displacement
We sincerely hope you followed the advice given in Chapter 1 and putin place contingency for valuable records. However, if you are recon-structing your insurance policy because your documents were destroyedin the disaster, then you likely have other records to reconstruct. We knowof small businesses whose basic payroll records were destroyed on Sep-tember 11, 2001. Laws vary from state to state, but generally every em-ployer must establish, maintain, and preserve weekly payroll records fora minimum period of six years, including the following information foreach employee:
• Name, address, and Social Security number.• Number of hours worked daily and weekly, including the time of
arrival and departure for employees working split shifts or over-time.
• Amounts of gross wages, wage rates, and job classifications.• Deductions from gross wages.• Any allowances claimed as part of the minimum wage rate.• Monies paid in cash.• Student classifications and school statements.• Total wages and the value of any allowances for each payroll pe-
riod for individuals working in executive, administrative, or pro-fessional roles.
Generally, depending on their job functions, employees mustbe paid within 7 to 14 days of when the work is performed. Ifyour payroll records were destroyed in the disaster, make a
reasonable effort to determine the hours that were worked and payyour employees as promptly as possible. Be advised that in certainstates, failure to pay employees’ wages exposes the business ownerto personal liability.
Response 119
If your premises were rendered unusable as a consequence of thedisaster, some of your employees may elect to work from home. If suchemployees are considered nonexempt under the wage-and-hour laws, thebusiness must still record and maintain their work hours for payrollpurposes and determine whether overtime compensation is payable.Nonexempt employees are also entitled to lunch breaks, even when theywork from home. If your payroll records were destroyed in the disaster,we urge you to consult with experienced legal counsel to reconstruct yourrecords in order to avert another disaster in the future.
Disaster Relief Programs
In this section we present some basic information about disaster reliefprograms and some cautionary tales based on our own experiences. TheFederal Emergency Management Agency (FEMA) is the agency of theU.S. federal government that may be able to provide your business withlow-interest disaster loans for businesses, working capital assistance forsmall businesses, and referrals to other agencies, programs, and servicesthat assist in postdisaster recovery. FEMA assistance becomes availableonce the president signs a major disaster declaration. When the Presi-dent has declared a geographic zone3 a federal disaster area, certain typesof federally funded assistance become available to the residents andbusinesses of that area.
Not all disasters qualify for FEMA assistance. The more commondisasters that small businesses are likely to experience are discrete, local-ized disasters, such as a fire in the business facility or a disruption of theelectrical power supply. While such events can have tragic consequencesfor the individuals who experience them, they are not of sufficient scaleor scope to warrant the intervention of the federal government in therecovery effort. For the purposes of this chapter, we assume that yourbusiness has sustained a major disaster that was recognized as such by theU.S. federal government.
As such, there are two approaches to the topic of disaster relief thatwe would like to take. The first concerns the needs of your extended smallbusiness family—employees and residents—in a disaster area; the secondconcerns the needs of the small business itself, which is, of course, thefocus of this book. The two are intimately related with one another: your
120 Contingency Planning and Disaster Recovery
community has a stake in your business’ recovery from the disaster andyou have a stake in your employees’ personal recovery from the disaster.
I (Donna) have the experience of both residing in and owning a smallbusiness in a federal disaster area. As such, I was displaced for a periodof time from both my home and my place of work and dealt with resto-ration efforts for both simultaneously. I became convinced of the neces-sity of household contingency planning on October 6, 2001, when I reg-istered with FEMA. That is when I learned that many of my neighborswere inadequately insured for the disaster. As you would expect, it wasdifficult to obtain accurate information about disaster relief programs ona timely basis. One of my neighbors, for example, was served with noticeof foreclosure on her home when she missed mortgage payments forOctober and November of 2001, following her husband’s death in theWorld Trade Center. Her mortgage bank was not aware (apparentlyneither was she) that the Federal National Mortgage Agency, “FannieMae,” had imposed a ninety day freeze on foreclosures, a waiver of de-linquency fees, and reduced or waived interest charges on mortgages heldby victims of the attacks. After visiting the FEMA website and reading thelist of federal disasters throughout the United States over the past twoyears, I began to appreciate the need for information on contingencyplanning and disaster recovery for households. Our current endeavoraddresses the needs of small businesses, but I plan to address the disas-ter recovery needs of households in the future.
Meanwhile, remember the personal needs of your employees, cus-tomers, and suppliers during a time of disaster. This, in turn, directlyaffects your recovery effort. It is hard to focus on business recovery ef-forts when you are worried about being turned out of your home, if thebank has initiated a foreclosure, if you have lost a loved one, if a spousehas lost his or her job, or you are under otherwise severe economic orfamily pressure. We found it helpful to form a community of small busi-ness owners to share information concerning disaster relief programs tohelp individuals and businesses. Many hands make work light, as thesaying goes, but it also conveys the sincere sense of caring and concernthat we all feel. To the extent you have available resources, we would urgeyou to devote some time and effort to gathering information that mayhelp your employees and their families recover from the disaster. Perhapsyou could post notices on the company intranet of appropriate reliefprograms for which employees may qualify. Don’t forget to extend thesame assistance to your local suppliers and customers. When you are
Response 121
recovering from a disaster, you will begin to appreciate, if you had notdone so before, the extent to which we depend on one another.
Now that we have acknowledged that you should attend to the per-sonal needs of your staff, let us turn our attention to your small business’srecovery effort. If your business has been affected by a national disaster,the first step in working with disaster relief agencies is to register withFEMA. You may do so by calling their toll-free “800” number and com-pleting an interview over the telephone. (If you are a resident of a fed-eral disaster area, you also must register yourself as an individual. Thereare different programs for families who live in disaster areas for whichyou may qualify. In this book, we cover only the programs relevant tosmall business.) You may qualify for:
• Low-interest disaster loans for businesses and private not-for-profitorganizations.
• Working capital assistance for small businesses.• Disaster unemployment assistance.• Referrals to other agencies, programs, and services.
Once you register your business with FEMA, you will receive by maila disaster loan application from the U.S. Small Business Administration(SBA). The SBA is the primary source of federal funds for long-termrecovery assistance for disaster victims. For disaster damage to propertyowned by businesses and nonprofit organizations, which is not fully cov-ered by insurance, the basic form of U.S. federal government assistanceis a low-interest disaster loan. Businesses of all sizes and nonprofit orga-nizations may borrow up to $1.5 million from the SBA to fund repairsor replacement of real estate, machinery and equipment, inventory, andother assets that were not covered by insurance.
The SBA’s criteria have historically been that if 25 or more homesor businesses in a county have sustained uninsurable damage—which theSBA defines as 40% or more of the property value—loans to repair prop-erty loss will be made available. Over the past decade, the SBA has dis-bursed almost $1 billion annually in disaster loans. The peak occurredin 1994, following the Northridge, California, earthquake, when the SBAextended 125,000 loans in the amount of $4 billion.
If your business is a farm, business and farm loans are available if youhave suffered damage to business property or economic injury. Low-in-terest loans are available through the SBA and the Farm Service Agency
122 Contingency Planning and Disaster Recovery
to repair or replace damaged property not covered by insurance, and toprovide working capital. In addition, the U.S. Department of Agricul-ture’s Extension Service provides information and materials to farmersto advise them on measures that they can take to protect their farmsagainst the hazards associated with disasters. The Extension Service pro-vides information on the cleanup of damaged property, sanitation pre-cautions, insect control, food preparation in emergencies, recovery ac-tions on damaged farms, and renovations of damaged equipment andproperty.
If your business has sustained losses that were not fully covered byinsurance, the Internal Revenue Service (IRS) may afford you some re-lief. The IRS may allow casualty losses that your business suffered to bededucted on the income tax return if they were not covered by insurance.Your business also may file an amended return to receive an early taxrefund. Your accountant can advise you accordingly.
If your business has sustained an economic injury, you also may ap-ply to the SBA for an economic injury disaster loan (EIDL). The purposeof this loan program is to provide funds to eligible small businesses tomeet their ordinary and necessary operating expenses that they couldhave met, but are unable to meet as a direct result of the disaster. Theseloans are intended to provide only the amount of working capital neededby a small business to pay its essential operating expenses and obligationsuntil operations are fully restored. These loans will cover lost income, lostprofits, or losses attributable to general economic conditions. Theproceeds of these loans cannot be used to refinance long-term debt,but they can be used to make payments on short-term notes, accountspayable, and installment payments on long-term notes, to the extentyour business could have made such payments had the disaster notoccurred.
Federal law requires the SBA to determine whether EIDL applicantscan obtain credit to finance their own recovery from the disaster fromnongovernment sources without creating undue hardship. The SBA hasdetermined that over 90% of disaster loan applicants do not have suffi-cient financial resources to recover from disasters without the assistanceof the federal government. However, because taxpayers subsidize EIDLloans (the maximum interest rate assessed by EIDL loans is 4%), appli-cants with the financial means to fund their own recovery are not eligiblefor the program. EIDL loans are extended on the following terms:
Response 123
• Credit requirements: the SBA must be persuaded that your busi-ness can repay the loan.
• Collateral requirements: loans in excess of $5,000 require thepledge of collateral to the extent that it is available, as well as per-sonal guarantees by the principals of the business.
• Interest rate: the interest rate is recalculated each quarter with amaximum of 4%.
• Loan term: SBA will set the term in accordance with the borrower’sability to repay, to a maximum term of 30 years.
• Limit: the amount of each loan is limited by the actual economicinjury, as determined by the SBA, that is not compensated by in-surance and is in excess of the resources the business and its own-ers can provide, and is not otherwise open to financing by privatesources of credit.
• Insurance requirements: the SBA requires borrowers to obtain andmaintain insurance on the business property as well as insuranceon the property collateralizing the loan.
The SBA may provide staff to assist you in preparing your loan ap-plication. It is not necessary to demonstrate that you have been declinedfor private bank loans before applying to the SBA program; the SBA willapply its own criteria to determine if your business would be able toobtain funding elsewhere. The SBA disaster loan program is administeredthrough four regional offices:
Disaster Area 1 Office, 360 Rainbow Boulevard South, Niagara Falls, NY14303
Telephone 1-800-659-2955Serves: Connecticut, Delaware, District of Columbia, Maine, Maryland,
Massachusetts, New Hampshire, New Jersey, New York, Pennsylvania,Puerto Rico, Rhode Island, Vermont, Virgin Islands, Virginia, andWest Virginia.
Disaster Area 2 Office, One Baltimore Place, Suite 300, Atlanta, GA 30308Telephone: 1-800-359-2227Serves: Alabama, Florida, Georgia, Illinois, Indiana, Kentucky, Michigan,
Minnesota, Mississippi, North Carolina, South Carolina, Tennessee,and Wisconsin.
124 Contingency Planning and Disaster Recovery
Disaster Area 3 Office, 4400 Amon Carter Blvd, Suite 102, Fort Worth,TX 76155
Telephone: 1-800-366-6303Serves: Arkansas, Colorado, Iowa, Kansas, Louisiana, Missouri, Montana,
Nebraska, New Mexico, North Dakota, Oklahoma, South Dakota,Texas, Utah, and Wyoming.
Disaster Area 4 Office, P.O. Box 13795, Sacramento, CA 95853-4795Telephone: 1-800-488-5323Serves: Alaska, American Samoa, Arizona, California, Guam, Hawaii,
Idaho, Nevada, Oregon, Washington, Commonwealth of the North-ern Mariana Islands, and the Federated States of Micronesia.
In determining the amount of an EIDL loan, the SBA will prepare apro forma analysis of your business income statement and balance sheet.That is, they will make a snapshot of the expenses that your business couldhave met and the working capital position that your business could havemaintained had the disaster not occurred (in other words, your businessfinancial statements pro forma for the disaster). They will also considerthe total amount of your existing debt obligations; the operating expensesthat mature during the period affected by the disaster; and the sum youneed to maintain a reasonable working capital position during that pe-riod.
In addition to the economic physical disaster loans for small busi-nesses and the EIDL for small businesses, the SBA offers two other loanprograms that may be relevant to your needs. The SBA offers disasterassistance loans for homes and personal property, which are loans tohomeowners or to renters to repair or replace disaster damages to unin-sured real estate or personal property they own. Renters are eligible toborrow funds to cover personal property losses only. If the SBA declinesto extend such a loan to you, it will refer you to the Individual and Fam-ily Grant program (administered by state governments) to be consideredfor a grant of up to $14,000 to assist you with disaster-related expenses.This program may be of interest to you or to your employees, so makethem aware of it. We hope you are not in need of loans to cover physicaldamages to either your business or personal property. At predisastermarket rates, you could have obtained coverage for $70,000 of propertyfor under $400 in New York City. This is a far better arrangement thanobtaining loans (even those with interest rates capped at 4%)!
Response 125
The final SBA loan program to consider is the Military ReservistEconomic Injury Disaster Loan Program, which extends loans to eligiblesmall businesses to meet ordinary and necessary operating expenses thatit could have met, but cannot meet, because an essential employee wascalled to active duty as a military reservist.
If you have illiquid financial assets that could otherwise finance cer-tain of these needs, you may obtain some relief once the governmentdeclares a disaster. Banks that are members of the Federal Deposit In-surance Corporation, the Federal Reserve System, or the Federal HomeLoan Bank Board may permit early withdrawal of time deposits, withoutpenalty. Ask your financial institution if it has obtained the necessarywaiver from its regulatory agency. Be sure to ask, because often the banktellers are not aware of this provision. I (Donna) stopped a friend fromincurring a substantial penalty for early withdrawal of a certificate ofdeposit by advising her of this disaster-related program. (Her businesswas based in California and was affected by the Northridge earthquake.)She wrote a letter of inquiry to the manager of her bank’s local branchand the early withdrawal penalty was waived. Be aware that often infor-mation is not widely disseminated throughout large organizations andthis will be a source of frustration to you as you implement your recov-ery efforts.
We can tell you from our own experience that government employ-ees, bank employees, and relief workers often give out incorrect infor-mation to applicants because they are not aware of the program require-ments or amendments. If your need for access to funds is so urgent thatyou are prepared to incur penalties for early withdrawal for time depos-its, write a letter to your bank explaining your circumstances and howyour business was affected by the disaster. Follow up when you are fur-ther along in restoring your business and have time available. You maybe able to obtain reimbursement of the penalties you incurred if the bankstaff subsequently learns that penalties are often waived in the case ofdisaster.
Should you require assistance in preparing an application for an SBAloan, a number of resources may be available to you, including the SBAitself. You should also consider your local business school or state uni-versity; many business school campuses have small business clinics toprovide free or low-cost assistance to business owners while giving theirstudents valuable experience. (The students generally work under thesupervision of a faculty member, many of whom are experienced busi-
126 Contingency Planning and Disaster Recovery
ness people. This can be a real source of value to your business.) Checkwith local professional organizations. Following disasters in New York andGeorgia, the local societies of Certified Public Accountants offered smallbusiness owners assistance with preparing SBA loan applications and withapplying for tax filing extensions. Free or reduced cost legal services maybe available to your small business following a disaster from the mem-bers of your State Bar Association.
We hope that your insurance program covers the property damageto your business and provides a reasonable settlement to your businessinterruption claim. (If not, read the next chapters with care.) If that isthe case, you may not need an SBA loan. Our advice in these matters isto plan for the events that you can reasonably anticipate, such as secur-ing adequate insurance coverage. Should you be approved for an SBAloan, congratulations, but we advise small business owners not to rely onthe availability of such funding for contingency purposes for the follow-ing reasons:
• Size of business. The SBA defines small businesses in its regula-tions and has established a size standard for each industry, basedon either the number of employees or the average annual rev-enues of the business. Let us share with you two examples that werereported in our local press. A Lower Manhattan restaurant we hadenjoyed, American Park, was closed following the September 11disaster. Employees assisted the business owner in cleaning thedamaged property and the business applied for a loan. The SBArejected the application because the restaurant company’s rev-enues exceeded the cap established for New York City. The restau-rant company was turned down for several bank loans, for reasonssuch as failing to meet the lending criteria or bank requirementsthat 80% of the shareholders of the business would be requiredto personally guarantee the loan. Another of our favorite LowerManhattan establishments, the Century 21 department store, wasclosed for more than five months following September 11, 2001.The attack on the World Trade Center shattered the store’s win-dows, destroyed glass merchandise cases, and caused the lowerlevel to flood when the sprinkler system was activated. The chiefoperating officer of the company was quoted in the press as stat-ing that the company was denied an SBA loan because it had morethan 50 employees. The store’s refurbishment cost the company
Response 127
approximately $10 million.4 Because of the company’s size, it wasin the middle between funds available for large corporations andgrants for the smallest businesses. We refer to this as the“Goldilocks” phenomenon; our conversations with affected smallbusiness owners in Lower Manhattan revealed that some busi-nesses were too small to qualify for assistance, some were too big,and a relative few were just right.
• Credit-worthiness. Because the assistance is in the form of a loan,the SBA requires reasonable assurance that the loan can and willbe repaid. Many small business owners did not qualify for a loan,or were reluctant to assume additional debt, as they were alreadyexperiencing a general economic downturn.
• Causal relationship. To qualify for an SBA loan, the economiclosses to the business must be directly tied to the disaster. Lesstangible factors affecting your business, such as a reluctance ofyour customers to visit the disaster area (and thereby patronizeyour business) are not always clearly linked to the disaster by theSBA’s criteria.
• Personal guarantees. One attorney wrote to the editor of a localbusiness publication that his small law firm had been approved foran SBA loan on the condition that he pledge his home, his pri-mary residence, as collateral. Given the uncertainty about whenLower Manhattan would recover from the disaster, many smallbusinesses were reluctant to put themselves at greater risk. Indeed,we incorporate our businesses, in part, to give some measure ofprotection to our personal assets. Since there is likely to be uncer-tainty as to when roads will be repaired or traffic routes reopenedor public transportation access resumed following a disaster, yourbusiness recovery is at risk for events beyond your control. As such,we would be reluctant to put our homes at risk to secure loans.Consider if you have other assets available to offer as collateral, butbe advised that the SBA generally prefers real estate collateral.
Don’t expect that an SBA loan will be available to you to cover yourdisaster-related expenses or that it is necessarily your best option topledge your home as collateral for the loan. A carefully crafted insuranceprogram is the cornerstone of your contingency plan, and with that inplace, you will be less dependent on other types of assistance. The afore-mentioned Century 21 department store relied largely on its own finan-
128 Contingency Planning and Disaster Recovery
cial reserves as well as insurance to fund its restoration efforts, with thegoal of preserving as many jobs as possible. Floor managers of the down-town store were transferred to Brooklyn and to Long Island, along withone-third of the sales clerks and cashiers. The remaining employees werelaid off and subsequently called back when the store reopened for busi-ness. This brings us to the next element of disaster relief: disaster unem-ployment assistance.
The U.S. Department of Labor provides benefits and services to thosewho lose earned income or become unemployed due to a disaster, eitherthrough unemployment insurance or disaster unemployment assistance.Self-employed persons, sole proprietors, small business owners, and oth-ers who would not otherwise qualify for unemployment insurance mayobtain disaster unemployment assistance. This program also can be help-ful to those who recently entered or reentered the workforce, and there-fore have not accumulated sufficient credits to qualify for traditionalunemployment benefits when disaster strikes. The procedure is to applyfor traditional unemployment insurance and when such benefits aredenied, appeal for disaster unemployment assistance. You will have to bepersistent because unless your state’s department of labor has experiencein working with federal programs to recover from disaster, its staff is notlikely familiar with the program. We can tell you of many, many New YorkCity residents who were turned away by workers at the State’s Departmentof Labor because they did not qualify for unemployment benefits. It tooktime for the details of the disaster unemployment assistance program tobe disseminated throughout the Department of Labor in Albany, NewYork. Should you be in the unhappy position of having to lay off employ-ees following a disaster, advise them of the disaster unemployment assis-tance program. Some of your employees, such as the recent hires, maynot qualify for traditional unemployment benefits. Try to ease the painby providing information regarding other types of disaster-related pro-grams for which they might qualify, as we had discussed earlier in thischapter.
We conclude this section by discussing assistance offered by disasterrelief agencies. The leading disaster relief organization, the AmericanRed Cross, provides assistance to individuals and not to businesses. How-ever, if you are self-employed or if your business is a sole proprietorship,you may qualify for individual assistance. For other types of small busi-nesses, such as limited liability companies or sub–chapter S corporations,it is worthwhile to consider the resources of the Red Cross in providing
Response 129
free or low-cost counseling services to deal with the psychological con-sequences of the disaster. The Red Cross is experienced in dealing withthe emotional reactions to disasters, ranging from relatively minor anxi-ety all the way to posttraumatic stress disorder. I (Donna) would urge allsmall business owners to visit a Red Cross counselor as soon as possiblefollowing the disaster. You will be feeling the stress of recovering fromthe disaster and the need to take care of your employees. It can be ex-tremely helpful just to talk to someone who is not completely burned outby the challenges that you are now facing. It is comforting to know thatyou are not alone and that your reactions to the disaster are common.Finally, the advice of an experienced counselor can help you to recog-nize symptoms of difficulty among your own employees and encouragethem to seek appropriate help.
The challenge of writing this section of the book is that disaster re-lief is not uniform and different services may be made available in dif-ferent cases. The victims of the bombing in Oklahoma City, for example,did not have access to the same types of resources that were made avail-able following the attacks on the World Trade Center and the Pentagon.Even if you do ultimately secure assistance, such as an SBA loan, theprocess of applying for assistance consumes time. Your business will needfunds until the assistance is disbursed.
Should the time-consuming process of applying for assistance provemore difficult than it should be, consider contacting your elected rep-resentative. Visit the website of the United States Senate or House ofRepresentatives to obtain the local address of your senator orrepresentative’s office of constituent services and send a polite notedescribing your difficulty in dealing with an agency of the federal gov-ernment. Enclose supporting documentation, if it is available, and in yourcover letter, give explicit authorization to review your files in connectionwith this matter. (If you fail to give this authorization in writing, federalprivacy laws will keep your materials confidential and limit yourrepresentative’s ability to help you.) I had an issue with FEMA that I wasunable to resolve within six months, which I considered to be an exces-sive amount of time, and wrote letters to both New York senators. Withintwo days, their staff began making inquiries on my behalf at FEMA andthe process was moving again. I urge you to do this, if only to make cer-tain that your senators and congressmen are aware of the issues. Smallbusiness owners are an important constituency for job creation andgrowth and if there are issues in dealing with the agencies of federal
130 Contingency Planning and Disaster Recovery
government, our representatives must know about them in order to takeappropriate corrective action.
We would like to close this section with a piece of advice: workwith other small business owners to resolve issues of mutualconcern. There is strength in numbers and you may be able to
provide information and advice to your peers in the small businesscommunity and they will almost certainly do so for you. You will be sur-prised to learn how much information is conveyed following a disas-ter, by word of mouth, even in our mass media age. There is a greatdeal of confusion following a disaster. Program requirements change,employees of relief agencies often don’t have the latest information,the news media can occasionally get the details of disaster relief pro-grams wrong, and you will be surprised how much you learn by shar-ing with your peers in the small business community. The Battery ParkCity Broadsheet5 expressed this view most eloquently when report-ing on a disaster relief program offered by the Department of Hous-ing and Urban Development:
HUD’s first allocation towards the recovery effort is $700 million,part of which is earmarked for small businesses. Unfortunately,what most small business owners have found is that receiving apiece of the $700 million is about as likely as holding a winningPowerball ticket. From the Ground Up, an organization compris-ing more than 100 small businesses in Lower Manhattan, is dedi-cated to making the distribution of aid fair, adequate and easierto procure.
Kevin Curnin, a lawyer with Stroock, Stroock and Lavan,founded the group with Jeannine Chanes of Fried and Epstein.He said agencies allocating financial aid in most cases have de-fined “small business” as having as many as 500 employees. “Fivehundred is not small,” Curnin said. “This includes massive firmswho have insurance. Put a big fish in a small pond and that bigfish is going to take a disproportionate share of the resources.It’s impractical and wrong.” Another problem with aid allocationthus far, according to Mr. Curnin, is that the amounts do not be-gin to cover the loss of business, equipment, staff, or merchan-dise.
Response 131
Aid is not getting to the businesses that really need it, Mr.Curnin said. Many pizza parlors and shoe repair shops—busi-nesses that Mr. Curnin argues make a neighborhood a neighbor-hood—did not have adequate insurance or a safety net thatwould allow them to survive being closed for months.
In the short time that it has been in existence, From theGround Up has proved that there is strength in numbers. A singlevoice becomes hundreds of voices, a hundred thousand dollarsin annual revenue becomes hundreds of millions, and a fewsquare feet becomes acres of commercial space—and govern-ment is beginning to listen.
Consider the value of the small business community in addressingthe next element of your reaction plan: communicating with your stake-holders following a disaster.
Communicating with Stakeholders
Following a disaster, you will need to communicate your recovery effortsto a number of stakeholders, including employees, their families, suppli-ers, and customers and other constituencies, such as your landlord, thetax authorities, your insurance company, your third-party services pro-viders, and many others. Following a disaster, people often assume theworst, so any information you can convey regarding your contingencyplanning will offer some reassurance. Indeed, to the extent your contin-gency planning efforts can assist others in your community, you maygenerate some additional goodwill for your business. I (Donna) remem-ber that after we were evacuated from Battery Park City to New Jersey onSeptember 11, the police boat brought us to Exchange Place. Smallbusiness owners who were tenants of nearby facilities had placed tele-phones in their lobbies so that people could call their loved ones any-where in the country and let them know that they were safe. Since wehad lost our telephone service in Lower Manhattan earlier that morn-ing, and our families had almost certainly seen the disaster on television,their generosity was greatly appreciated. I would certainly be more likelyto patronize these businesses for their support of the community.
In the recovery period that followed, many small businesses posted
132 Contingency Planning and Disaster Recovery
on the Internet details of their available space to assist other small busi-nesses that had been displaced. A spare room here, or an extra suite ofvacant offices there, made all the difference in the world to businessesstruggling to get back on their feet. Other businesses donated surplusequipment, such as computers and printers, to assist the businesses whoseproperty had been destroyed. A local company made available wirelessBlackberry units to small businesses in Lower Manhattan to assist themuntil telephone service could be restored on a permanent basis. Thecompany offered three months of free wireless service, which was a greathelp to small businesses who were working remotely and perhaps com-municating with colleagues who were temporarily working from home.To the extent that your business can assist in the recovery effort, youshould do so.
You will need to communicate with other stakeholders concerningyour recovery efforts. For certain of those communications, you shouldrely on expert legal advice because you may be surprised to learn of someof the risks to which your business is exposed following a major disaster.We were surprised, for example, to learn that business leases do notautomatically terminate when the premises are destroyed. We were alsosurprised to learn of certain contractual obligations that survive a disas-ter. Of course, we are not attorneys, but we consult them where appro-priate and we would advise you to do the same. I (Donna) have a friendwhose husband died in a disaster that had struck Georgia some time ago.The husband had operated his business as a sole proprietorship, whichmeant that his personal assets were available to satisfy his business debts.The surviving spouse did not fully appreciate the consequences of hiselected form of business organization, but fortunately she consulted withlegal counsel. She successfully petitioned the court to continue herhusband’s business on behalf of his estate.
There are certain communications that should be conductedthrough legal counsel, such as certain types of disputes with your insur-ance company, tax issues, and other contractual matters. It will facilitateyour recovery from the disaster if your legal counsel is briefed on the stateof your business as part of your contingency planning. Indeed, yourcounsel will provide some key input on the development of the contin-gency plan! If you have to assemble documents and obtain new counselafter a disaster when you are responding to time-sensitive matters, youwill delay the recovery process. Nevertheless, we would prefer that youact with caution and appropriate legal advice to deal with matters after
Response 133
the disaster than make poor decisions in haste because you were ill-ad-vised or not advised at all!
Communicating with employees and keeping them up-to-date as tothe status of the business is critical, both to ensure their effective coop-eration and to alleviate their anxiety about the future. You may post in-formation on the intranet on a daily basis to give everyone a commonplace to “meet” if you are operating from multiple remote locations.
Finally, you must communicate with your customers. Let them knowwhen you can deliver products and services that your business has com-mitted to them and keep them apprised of your efforts. You may losecustomers during the period immediately following the disaster whenyour business is not yet operational. This does not reflect any lack ofcustomer loyalty; it is simply that they must conduct their business withor without you. Communicating that you have reopened for business isimportant, and you may need to offer some incentives to bring yourcustomers back. In Lower Manhattan, restaurants that were temporarilyclosed contacted the customers on their mailing lists and announced thatthey were open for business. Some offered promotions, such as freedesserts with dinner. Others offered their customers helpful information,such as which subway routes continued to service the neighborhood.
Hairdressers who had formerly been employed in the World Finan-cial Center (adjacent to the World Trade Center) passed out flyers onthe street to advise local residents of their new places of employment.Service businesses contacted customers directly or posted notices on theircompany websites. You will have to be imaginative because your insurancepolicy will not cover the costs of advertising your return to business fol-lowing a period of interruption. In our opinion, the most effective wayto communicate with the community and with your customers is withother businesses. Customers may be reluctant to return to a disaster sitedue to the uncertainty of the conditions there. Are there new routesavailable to reach your business? Is parking available? Is it safe to breathethe air in the affected area? These concerns are not unique to your busi-ness; your neighbors have the same issues. If you work together to com-municate the recovery of your area, you can leverage limited resourcesto achieve a common goal. We have three specific suggestions.
First, some media outlets offer discounted advertising rates to busi-nesses located in areas that are recovering from disaster (an excellentexample of building goodwill). You may take out inexpensive advertise-ments in publications your customers are likely to read and announce
134 Contingency Planning and Disaster Recovery
the reopening of your business. Perhaps you can make it an event, withbeverages and refreshments, and invite your local political and commu-nity leaders. You might also consider cooperative advertising. If yourbusiness is located in a major retail center, for example, you could de-fray advertising costs by taking out a large advertisement listing all of thebusinesses that have recently reopened.
Second, consider contacting the media and suggesting a story abouthow your business experienced disaster. The media are always lookingfor a story and you could write a “pitch”: a proposal for coverage thatwould appeal to a specific interest. Perhaps you learned lessons in disas-ter recovery that you would like to share with others in your community.Perhaps your business has a particularly compelling human interest storythat puts a face to a disaster. Maybe you would like to publicly thank allof those who contributed to your efforts to recover, such as thefirefighters, the employees of the electric company, or the postal deliv-ery person who went out of his way for your business. A media story isfree advertising and can announce that you are back in business.
Finally, work with other small businesses to promote your recoveryefforts. Your combined resources can achieve much more than any singlebusiness could do independently. For example, Wall Street Rising, anorganization formed to restore the vitality of Lower Manhattan that ex-isted prior to September 11, 2001, launched a website and distributed a“Do It Downtown!” discount card that offered discounts to local busi-nesses to encourage people to come back to Lower Manhattan. You mayconsider a similar effort for your community or you may work with yourlocal chamber of commerce to communicate your ongoing commitmentto recover from the disaster. In addition to leveraging limited resources,efforts such as these build morale. It is a sad experience to return to yourplace of work and see the physical damage, to think of the loved oneswho have been affected by the disaster, and to think of what was. Work-ing with others in your community will build commitment and support,and you will need both.
NOTES
1. Misunderstandings arising between a small business owner and his orher landlord can confound disaster recovery efforts. We would like tohelp you avoid two common sources of misunderstanding. The first
Response 135
concerns policy endorsements for Boiler & Machinery Insurance, whichcovers damage arising from your building’s boiler and/or electricalapparatus. Many small businesses forego such coverage because theymistakenly believe it is included in their standard form of coverage (itisn’t) or that their building management has appropriate insurance inplace. The building very likely does have such insurance in place, butunless you are a named insured on their policy, it will be of little ben-efit to you. Since the incremental cost of this endorsement to your prop-erty insurance is modest, we urge you to obtain it. The second sourceof misunderstanding concerns rent adjustments for periods of businessinterruption. We will cover this in greater detail in the next chapter. Beadvised, however, that you cannot rely on your landlord to insure prop-erty risks that will disrupt your business.
2. You may have to produce key documents, such as property titles anddeeds. If they are destroyed in a disaster, valuable papers and recordsinsurance will cover the costs of replacing those documents crucial toyour business.
3. Once a disaster is declared, FEMA will identify which counties qualifyfor public assistance. FEMA will then extend assistance to the affectedstate and local governments for the repair or replacement of publicfacilities damaged by the disaster.
4. Erika Martinez and Lisa Marsh, “Megastore Is Back in Business,” New YorkPost, February 28, 2002.
5. February 2–March 13, 2002, issue Volume 6, Number 3. The Broadsheetprovides local news to the residents of the Battery Park City Community.HUD is the acronym for “Housing and Urban Development,” an agencyof the U.S. federal government.
137
CHAPTER 3
Recovery
Once the immediate effects of the disaster have passed, it is time to re-cover. You have already taken corrective action as a direct response whenyou were directly hit by the disaster. Most likely, your disaster was a “mi-nor” event, and you did everything possible to mitigate your losses.
However, if you have experienced a major disaster, you will need timeto look forward and to recover from the event. Maybe you have to recon-struct some data; maybe you have to rebuild the whole office. Whateverthe case, you have to keep your business interruption as brief as possibleand to resume normal operations and productivity as quickly as possible.
While you are working hard on rebuilding your business, you facesome unexpected challenges. Your business may suffer some attrition ofcustomers and employees. Disputes with suppliers or customers that arisefrom the disruption of normal operations may result in litigation. Thiswill exacerbate your stress and further delay your recovery. We have seenmany situations in which the disaster recovery effort was delayed; inparticular, the process of data recovery was halted because employeeswere needed for critical delivery obligations. Data restoration is time-consuming, and this causes additional aggravation and frustration for theemployees and the clients. We can name small businesses in Lower Man-hattan that estimate it will take over one year to restore the data that werelost when the power failed on September 11, 2001. If we have not alreadyconvinced you, this is yet another reason why you simply cannot affordlengthy data recovery operations, particularly if you own or operate asmall business.
138 Contingency Planning and Disaster Recovery
Confounding recovery efforts are the emotional and psychologicalconsequences of a major disaster. These changes in mental status canrange from frustration, to feelings of being overwhelmed, to major dis-orders, like posttraumatic stress disorder or depression. These feelingscan be particularly acute if you have lost friends or colleagues. Suchconditions are difficult to diagnose, and you should turn to medicalprofessionals to counsel your employees.
In addition to these direct effects, you will also face issues with thirdparties. For example, your bank might refuse to extend your credit linebecause it doubts your ability to recover and resume profitability. Andthis comes at a time when you are most urgently in need of credit. Yourvalued clients may cancel contracts. They simply cannot wait until youhave reestablished your business operations, and may move on to anothersupplier. Another scenario is that your clients are in the immediate di-saster area, and the financial costs of their recovery efforts precludepurchasing products and services from your business. You may have somedisagreements with your insurance carrier regarding claims settlement.
You must become comfortable with ambiguity, because you will dealwith unfamiliar situations. Your attention should remain on rebuildingyour business and to swiftly recover from the situation. You may see thedisaster as an opportunity to start anew, to leave behind obsolete proce-dures and processes, to import some new ideas, to have a stronger senseof teamwork within your company, and to appreciate what is really im-portant in your life.
At this time, you need to establish clear priorities on how to restoreyour business after a major disaster. Priorities may shift and people willbe reassigned tasks, but in general, we suggest that you follow the follow-ing scheme:
1. Provide security. In any unforeseen event, but especially in thecontext of a disaster, business security is often compromised. Thisincludes physical security, due to diverted attention of securitypersonnel, as well as data security. Backup systems in a recoveryoperation are vulnerable to security breaches when the mainfocus is on reestablishing operations. The disaster recovery pro-cess should include only essential staff. Remind your staff that youare more vulnerable to possible security breaches during thisperiod. Simple tasks, such as retrieving data from the backup
Recovery 139
system, could open short-time data security holes that an expe-rienced user could exploit to obtain confidential data of the com-pany. Protect your valuable IT equipment following a major di-saster. Often such equipment is removed from the premisesbecause it appears to be damaged, but even so, a trusted systemsexpert should inspect all IT equipment to ensure that it really isbeyond repair and that all sensitive data are thoroughly deleted.
2. Office space. You need space to accommodate your employeesand you may not be able to return to your former worksite. Letus share with you a personal example. A former colleague set uphis own small business in what he thought was a secure officebuilding. A water line broke that released water into the desktopcomputers. As a consequence, those computers were damagedbeyond repair. Fortunately, the damage was soon brought undercontrol; systems were replaced and data were restored. However,two weeks after the water leakage, mold developed and the of-fice required four weeks of intensive renovation. It was not safefor the workers to enter the office during this time, becausehazardous chemicals were being used to remove the mold. Thisis a true story and what makes this gentleman’s situation evenmore wretched is that he did not have insurance.
3. IT infrastructure. Determine if third-party services require re-pair. You may have to reorder certain services because long leadtimes often precede new installations following a disaster. Thenext priority is the reestablishment of communication services,phone, fax, and e-mail, followed by retrieving essential data, suchas client contact lists. It is important to prioritize this work andto protect the system staff from impatient users who will ask themto set up their desktop workstations first. You should know thatit will be fairly difficult to estimate repair times in advance. Forthe IT infrastructure, it will very much depend on how much timehad been available to perform a clean shutdown of all systemsand which parts might have been damaged due to power failureor physical destruction. For services that rely on third parties,such as your phone and Internet services, many other businesseswere likely also affected. Although your phone company will dowhatever it can to restore your service, it may be hard to estimatewhen that will happen. Sometimes service providers protect
140 Contingency Planning and Disaster Recovery
themselves by erring on the side of caution—don’t panic! WhenI (Donna) first returned to my Wall Street office after the Sep-tember 11 attack on the World Trade Center, a representative ofmy telephone company advised me that it would take at least fivemonths for office telephone service to be restored. Service wasrestored within weeks. Focus on the items that are within yoursphere of control and you will not only be more productive, youwill reduce your stress level.
4. Business administration. During the ongoing recovery process,a core group of key employees will have to cover all departments,assume full operational capability, and make decisions on themost critical matters. They must ensure that all outstanding ob-ligations are satisfied in an appropriate manner, which will alsoset the priorities for establishing further vital business functions.In addition, you will need an experienced person to overseehuman resources and other administrative functions of yourbusiness. That person will provide services such as recoveringcontracts for evaluation, filing insurance claims, and providinginformation to employees or to the families of employees.
5. Marketing and sales. The next priority is that the marketing andsales groups should establish an emergency public relations pro-gram. They will immediately contact clients informing them thatthe company did have a disaster recovery plan and was preparedto handle the disaster. They will announce the recovery timeschedule, and discuss implications for contracts with third par-ties. They also will handle requests from the media for informa-tion or interviews. Depending on the nature of your business, youmay find a way to recoup lost revenues and generate some good-will by assisting other businesses in your community with theirrecovery efforts.
6. Accounting and payroll. Your controller, treasurer, or chief finan-cial officer is a key part of the recovery process. Keep in mindthat your employees must be paid in a timely manner, especiallyduring the disaster recovery period. Your accounting team alsoneeds to make sure that the company fulfills its financial obliga-tions, provides a schedule of necessary bill payments, and esti-mates the approximate recovery costs for which you may needadditional credit.
Recovery 141
At this point you should have established a solid foundation on whichyou can rebuild your business.
Take time to reflect on what has happened and what you have learnedfrom it. Your contingency planning and disaster recovery effort mustadapt to changing conditions and new technology. Evaluate your staff’sperformance and handling of the crisis. Is additional training required?Assess your experience with third-party providers. Were they able tohandle the crisis as well as you did? Perhaps there are measures that canbe taken to reduce the risk of recurrence of this particular disaster. Youmight have found that you need different equipment, faster backuptimes, better organization, and so forth. You can learn many lessons fromsuch extreme circumstances. We explore these options in detail in thefollowing sections.
But first, a word from our own experience. During the recovery pe-riod, you may often feel disoriented and overwhelmed. Develop a planto handle the additional stress. During the period that I (Donna) wasdisplaced from my home and from my office, Stefan and I watched theghastly plume over Lower Manhattan for days. We spent an afternoonin an arboretum in New Jersey, away from the news coverage of the di-saster. It was a life-affirming experience to appreciate the beauty of na-ture and to put matters into perspective. Remember that you will comethrough this experience and you will learn from it.
IT INFRASTRUCTURE
Disaster recovery begins when the actions to minimize IT damage be-come a structured effort. Guide your employees to this process, and thenscope out the remaining work and the responsibilities of your employ-ees to complete the recovery effort.
If you prepared carefully, most of the “daily” disasters, like humanerror, equipment failure, and third-party failures, will be satisfactorilyaddressed during your immediate reaction to the event. The recoveryportion then focuses on fixing some loose ends, documenting and ana-lyzing the impact of the disaster, and determining how it can be avoidedin the future. Over time, you will learn how to handle these small crisesmore efficiently. From time to time, update your procedures to be con-sistent with the current best practices in disaster recovery.
142 Contingency Planning and Disaster Recovery
However, when you are undergoing a major disaster, your recoverytime can jump from minutes to days to months. You may have to rebuildyour whole company from the bottom up. The recovery effort then be-comes a full-fledged project that requires organization, planning, andproject management around the prerequisite that you maintain corebusiness operations for which you need particular IT support. It is criti-cal to get all systems running again in normal operation mode in theshortest amount of time. You won’t be able to devote your resources tosystem upgrades or enhancements. Your goal is to establish some nor-malcy to your business operations as soon as possible. You have to takecareful and small steps to first assure a minimal operational environment,and then proceed toward full recovery.
Begin by assessing what is immediately required to continue opera-tions, even if not all IT systems can be ready, and determine how to con-tinue rebuilding your IT equipment. Make an inventory of what isneeded, and if you require certain parts, purchase them right away.
If your network infrastructure has been affected, it must berebuilt, even if it is only one network segment. Because this isso critical, network replacement equipment should always be
in your spare parts inventory, which could be at the same location asyour disaster recovery site. The next priority is access to data, ei-ther recovered or from your backup system. Depending on your sen-sitivity to downtime, these data must be available within minutes tohours and provided for access at one location. After that, the net-work is reestablished.
The next priority is to reinstall your desktop computers from diskimages that you saved as part of your stage two plan. If some functionsof the PC do not perform properly, don’t invest time at this critical pointto resolve errors. In a crunch, boot the PC into the simplest setup pos-sible, by using methods such as hardware profiles or the save mode bootfeatures of your operating system. This will at least ensure that users canagain access and share their files.
You need to determine which third-party services continue to func-tion. If some or all of them are down, prepare a plan of the “hierarchyof needs,” the services you need back, ranked in order of urgency. Con-tact your providers’ technical support departments, or better, your direct
Recovery 143
support contact, to alert them to your circumstances. They can help youmuch better if they understand the constraints under which you areworking. You could also establish temporary service by backup methods,such as a dial-up solution, or you could try to connect to the Internet andmake access available throughout the network.
If there was an incident with hazardous materials, you may need totake specific precautions, and to rely on a team of specialists to clean youroffice. Fire, natural disasters, and terrorist attacks may destroy substan-tially all of your IT equipment. Even if you have the funds to replacedamaged equipment, you will likely not be the only business in need ofreplenishments. It will be difficult to obtain new equipment quickly.Expect to encounter shortages of replacement parts and production ordelivery delays.
Your recovery effort will be greatly facilitated by thorough prepara-tion and training for this contingency. Basic checklists of anticipatedneeds can save you time in determining what recovery and testing stepsto take. It is much easier to develop a plan and prepare checklists of “todo” items in a period of calm, before a disaster strikes. As the businessevolves, so do the checklists. They should reflect changes to keep themup-to-date. Always keep this information accessible in hard copy withinthe company and also off-site so that someone else could act in yourabsence, if necessary.
And once you have successfully managed to work through a disastersituation, remember to document all the actions taken and changes madeto improve your disaster recovery capability in the future. Don’t forgetto express your appreciation to your staff and your vendors for the sup-port they have provided.
Human Errors
Human errors are to be expected, but when they are excessive, it is timeto scrutinize your business procedures. This can be a contentious pro-cess. Usually, several people contribute to the retrieval of an importantlost file. This can lead to a heated situation. IT people are notorious forcomplaining about “stupid” users and the extra work caused by theseincidents, while the user feels embarrassed and intimidated.
Observe how much more pleasant the situation becomes when abackup system is available from which files can be retrieved individually
144 Contingency Planning and Disaster Recovery
by the user without intervention from anyone else. Additional work isrequired to install the backup system and to configure it for your spe-cific needs, but in the end it is a time saver for everyone. We have seenhow well simple tools, like the backup file synchronization, are accepted.Everyone can appreciate their value.
How can we minimize human errors in the future? You will not beable to eliminate human errors, but you can take measures to reducethem. Do users receive adequate training? Do they bring the right skillsets to the job? We often see users writing collaborative documents, butare unaware of, or sometimes even unwilling to use, version control tools.Often, a proxy for version control is created by sending documents viae-mail. At least this way the documents are time stamped. But this is aninefficient and vague control mechanism. The burden is always passedto the recipient to reconstruct the document to reflect all editorialchanges. In such a scenario, conflicting versions of the document appear.
Equipment Failures
Your recovery path from equipment failure will be determined bywhether or not you suffered a loss of data. Data loss usually occurs whena hard disk malfunctions, but can occasionally be the result of a softwareglitch, a power failure, or a system crash. The disk most likely shows somesigns of malfunction and remains in physical working order. Even so, itmakes sense to replace the faulty disk and to restore the data from thebackup, so that the user can continue to work. Then determine if the diskcan be salvaged by reformatting it. However, given the continued declinein disk prices, it would likely make sense to discard the disk.
If your machine does not boot up promptly, but otherwise appearsto be in working order, it does not necessarily mean that you have toreinstall everything. Disk recovery tools are often very effective for repair-ing and installing new boot information. You need to rely on your databackups, however, because if your disk crashed and your data are notavailable on a backup, you need to pass the disk on to a data recoveryprofessional. These services can be quite costly. Typically, a fee on theorder of $100 is assessed simply to accept the disk for a preliminary di-agnosis. After that, the cost of recovering your data can easily run intothe thousands of dollars. Are your data worth that sum? Probably yes, soyou will pay, but you will have learned the hard way that maintaining
Recovery 145
proper data backups is much less expensive and the turnaround timeduring recovery is much shorter.
Other PC components that are likely to fail are the fans, the powersupply, and the main board. If these parts fail, it saves time to simplyreplace the whole unit. Have a PC technician look at the old unit. If itcan be repaired, fine, but often it is simply not worth it.
There is a whole category of equipment failures that aren’t reallyequipment failures. These are the cases where a cable is loose or broken,the environmental conditions are unfavorable, and so forth. These casesare actually difficult to identify because often, as in the case of a loosecable, the connection is intermittently disrupted and then fails com-pletely. Do not be afraid by the perceived complexity of the systems. Mostoften, malfunctions have simple causes. It is therefore a good idea to firstcheck all connectors, and to have replacement cables available.
Once the equipment is rebuilt, thorough testing should beperformed before it is connected again to the network. Spe-cial disaster recovery configurations, such as a specific
preinstalled hardware profile, would allow even a limited machine toboot and to connect to the most important services.
Ask yourself what you have learned from your system crash. Howlikely is it that it would happen again and what would be the conse-quence? Would it be advisable to establish a more solid hardware base,such as the use of mirrored disk systems in the affected workstation? Didyou have all the spare parts or some systems to immediately replace thebroken equipment and to begin data restoration efforts as previouslydescribed? Why did this equipment failure occur? What was the impact?Would it be cost-effective to establish preventative measures, such as amirrored disk system or more frequent backups?
Some vendors will try to convince you that they have convenientsolutions to the problem of equipment failure. There is a strong corre-lation between perceived convenience and costs when it comes to contin-gency. We emphasize the word perceived because real disasters often re-veal the complexity of solutions that had initially been purchased becauseof their “convenience.” Salespeople often have difficulty assessing thelevel of contingency your business needs and, as a consequence, oftenoffer high-level contingency solutions with a commensurate high price.
146 Contingency Planning and Disaster Recovery
We suggest, however, that you first estimate the level of contingency youneed and benchmark all choices against that requirement so that you canhave an informed conversation with your IT staff and with sales vendors.Contingency will only be as good as its weakest link, so a flawless backupunit will not protect your business against a human error.
Equipment failures are best handled through organized plans forequipment replacement. Equipment failure through hardware malfunc-tion is most likely a localized problem, unless, of course, it is a networkcomponent for which either an alternative network route should beimplemented, or a spare part must be readily available. When a seriousdisaster strikes, it will be difficult to immediately procure equipmentparts. Manage your in-house stock accordingly. Make certain that youpurchase business products for professional use, and avoid productsdeveloped for home or consumer use.
In the event of equipment failure, you should first isolate this systemfrom the network because it could be a symptom of a virus attack. Youwant to stop a potential virus threat from propagating throughout yournetwork. Furthermore, it is much easier to locate and to identify the errorif you can be certain that no external parties interfere with your system.
Third-Party Failures
Many companies rely on Internet connections, especially for e-mails. Ithas become a standard tool for unofficial communication. How muchyou depend on the Internet will become clear once the service fails. Youhave to resume services as soon as possible. If you followed the advice inthe prevention section of this book, you probably will not have to domuch at this point. Your secondary Internet connection has automaticallytaken over, or you need to manually patch a network cable. And you al-ways have the backup of using one or several dial-up lines to establish anInternet connection. However, these dial-up connections should not bemade from individual PCs for security reasons. They should be madethrough a specified dial-up location, preferably a dial-up and routercombination.
Most often, however, the issues do not present themselves in a clearfashion. Users may complain about a “slow” Internet connection al-though your company has signed on to a DSL or cable high-speedInternet service. E-mail transmissions are erratic, connections occasion-
Recovery 147
ally time out, and web browsing appears sluggish. It can be difficult toassess whether these conditions are the result of a local technical prob-lem or a problem with third-party providers. These conditions may oc-cur every day, usually at peak traffic hours. Your Internet provider maytell you that everything is fine with their networks and their service. Ifyou read Chapter 1 (“Preparation”) carefully, you know that there aretwo issues you need to investigate: the actual bandwidth you are using,and the average latency time you receive from your most contacted ex-ternal hosts. In many cases, you will find that this sluggishness is causedsimply because your traffic passes through so many different networkrouters. With all network routers busy, even a small data packet will travelat one-tenth its usual speed. You also find that the available bandwidthto one individual during peak hours shrinks because too many peopleshare the connection from cable to the Internet. In either case, a call intocustomer support at your ISP will not help.
You will need to call your high-level contact at the service pro-vider, explain the situation, and ask that your traffic be routedin a different manner, perhaps directly to the Internet back-
bone providers. You will have a tough time convincing them becausethey don’t want to prioritize one client over another, but if you aresuccessful, you will be amazed with the results. If you are not able toconvince them, consider your options carefully. It might be time toupgrade your connection, from DSL or cable access to a true dataline, such as a T-1 line. It might help to simply change the provider. Youneed true quality of service from your ISP to properly conduct yourbusiness. Your ISP owes you a full explanation for the poor service. Ifyou are dissatisfied with their response, change to another provider.
After a power failure, you have to carefully restart the system by firstbringing all network components live, then the servers, and finally all theuser workstations. You need to run system and disk check software oneach workstation that was not cleanly shut down when the power failureoccurred. You may have serious data corruption issues on some harddisks. Some PCs may not boot up. It is probably more efficient to replacethe PC with another unit from your stock while you use recovery toolsto bring the damaged PC back to life.
A power failure will also affect your phone system. Telephones di-
148 Contingency Planning and Disaster Recovery
rectly connected to analog lines, however, will continue to work becausethe power is provided to them through the wire directly by the phonecompany. So it is just a matter of restarting your phone system to see ifit recovers automatically. It usually does. If not, call your phone techni-cian right away.
Assess how your company responded to the power outage. This re-sponse gives you valuable feedback about your preparedness for the mostsevere disasters. Did you have all essential machines on uninterruptedpower supply (UPS) units? Were they monitored by the machines thatconnect to them, and did the equipment sense the power loss and cleanlyshut down all the systems? You will probably find that you never againwant to go through the agonizing and nerve-wracking experience of acorrupted disk structure and will invest in UPS units, even though youmay never again need them.
Environmental Hazards
Environmental hazards of sufficient severity to interrupt business opera-tions are relatively rare. You likely do not anticipate such an event un-less you are in an area with a known exposure. The first step in recoveryis to ensure that the hazardous condition no longer exists. Minor haz-ards, such as noxious odors, may pass within hours. More severe cases ofcontamination with chemicals, biological agents, or radioactive agents willrequire a more extensive, professional restoration effort. In some cases,it might not be possible to decontaminate your premises and equipment.In the worst-case scenario, the site may be scheduled for demolition.
Most likely, you can continue your remote operation (stage one), soit is still possible to run a full backup of all systems. If the situation isquickly brought under control, people can reenter the building withina couple of hours. But if the situation persists, you need to continue yourcompany’s operations from your alternate site and to build up a smallinfrastructure that can support the critical business functions.
Work closely with your third-party vendors because you will needsome temporary services from them at your alternate site. But remem-ber that you should use a vendor that can guarantee you that it can pro-vide the service to you and will not be affected by the disaster. You shouldalso ask for special rates for disaster recovery site installation that areoften offered at discounts.
Recovery 149
If you can indeed return to your premises, you may encounter otherresidual problems, such as corrosion on equipment parts, damage fromthe cleaning effort, and so forth. Work with your insurance carrier toreach an agreeable settlement that will replace the damaged assets.
Fires and Other Disasters
When a fire strikes, there is a risk that your office will be destroyed andit may suffer some damage. You will have to move operations to an alter-nate site until your office can be restored or rebuilt.1 Your first priorityis to build up the recovery site so that the critical staff can convene thereand resume work. You should have on hand spare equipment and addi-tional components like network devices and cable. You need to work withthe team that will assume responsibility for core operations in the recov-ery period to ensure that their needs are met. We hope that your prepa-ration included conducting emergency drills and assessing the needs ofthe staff operating from the alternate worksite so that you have antici-pated much of what you will need.
The transfer of the operation to the disaster recovery site willbe smoother if you were able to perform a clean shutdown ofall equipment in your primary worksite or, if you were very lucky,
there was even enough time to run a full backup of all machines andcopy data over to your off-site server.
When building your small remote operation (stage two), your secu-rity scheme will change significantly. The core team needs unencum-bered access to information because they will perform additional roles.2
So expect that these adjustments on the operational side will take a sig-nificant amount of time. Advise your staff on the new access rules andremind them of their responsibility to safeguard confidential companyinformation.
When recovering from a severe disaster such as a fire, the ideal situ-ation for a small business is to be hosted by a larger company that canprovide temporary accommodations until a new office site can be con-structed. It is not only because many services are available that you wouldnot buy for your alternate site, but it is also reassuring to your employ-ees to feel welcomed and to work in a secure environment. Returning
150 Contingency Planning and Disaster Recovery
to your old worksite will bring back memories of the disaster. It is impor-tant to maintain an esprit de corps to deal with these emotions.
Terrorism and Sabotage
The recovery from an act of terrorism or sabotage has more to do withdealing with psychological trauma than with repairing the attendantphysical damage, which may be similar to that caused by a natural disas-ter, such as a fire. The questions about motives or the outrage about suchinhumane conduct will persist in the months to follow and will likely bea part of the community’s grieving experience. There is nothing that you,as a small business owner, can do to prevent it. You can increase securitymeasures at your facilities and try to keep a low profile.
You must organize a detailed investigation to detect any subtle dam-ages to your business. The most common form of sabotage consists ofvirus attacks on your IT infrastructure, but the damage can be mitigatedby good backup procedures and rigorous use of firewalls and virus de-tection software. The greatest degree of financial harm inflicted on yourbusiness will result from three efforts: (1) trade secret theft, (2) account-ing record manipulation, and (3) employee misuse of IT resources. Thedamage can be subtle and it may be some time before its effects becomeapparent. Mischievous transactions may include the placement of a Tro-jan Horse or some other method to penetrate your business’s computernetwork to obtain access to restricted information. If you suspect thatyour business may have been a victim of such acts, consult an IT profes-sional. We also encourage you to report such incidents (in the UnitedStates) to the Federal Bureau of Investigation. These acts occur moreoften than we think, but companies rarely report them out of embarrass-ment. The FBI may be able to assist businesses in a discreet manner,without inviting additional attention to the problem.
FINANCIAL LIQUIDITY
In the recovery process, you will address issues that were unresolvedduring the initial reaction to the disaster. You may have to resolve dis-putes with your insurance company regarding damaged property or otherbusiness losses. You may face the risk of increased insurance premiums
Recovery 151
as a result of the disaster. In this section we advise you on how to workthrough those processes. However, the recovery process is not just aboutunfinished business from the initial reaction to the disaster. Recovery isa forward-looking process. You will reflect on how your small businessreacted to the disaster, what you learned from that reaction and what youwill do differently in the future. You will almost certainly learn lessonsthat you can apply to your current and future business processes. Webelieve that some of the most valuable material in this book concerns thelessons learned by small business owners in Lower Manhattan followingthe September 11 disaster. We pass that information on to you in the hopeyou can benefit from their experiences.
Now that the initial reaction to the disaster has passed, you are likelyexperiencing a range of different emotions. Those reactions were likelysuppressed when you were busy trying to rebuild your business and re-sume operations. The frenetic activity occupied your mind and left youwith little time to think about your losses. Once you have some time alonewith your thoughts to reflect on the experience, you may experiencesome disquieting moments. By that time, your friends and family whowere unaffected by the disaster have moved on. The disaster is no longera news item; new stories are being reported. But you are only just begin-ning to deal with the feelings provoked by the disaster. We offer you someadvice on how to cope.
Resolving Insurance Disputes
From time to time, disputes arise concerning proper settlement of insur-ance claims. We hope that you do not have this experience, but if youdo, you are not alone. A survey3 conducted in early 2002 by the Alliancefor Downtown New York found that only 5% of retailers located southof Chambers Street (that is, those closest to the World Trade Center) hadreceived full payment for their World Trade Center–related claims. An-other 14% of retailers had received only partial payments of their claims.It is disheartening to learn of the experience of these retailers threemonths after an attack that devastated their businesses. The study foundthat a number of claims had been denied by the insurers or approvedfor sums significantly less than what the business owners had anticipated.According to the study, payments were often delayed to the businesseswhose claims had been approved.
152 Contingency Planning and Disaster Recovery
We cannot anticipate every circumstance that may give rise to a dis-pute with your insurance company, but we can advise you of steps to taketo mitigate your risk of such disputes or expedite their resolution. If youcannot resolve the dispute to your satisfaction, you have the option ofretaining legal counsel and bringing suit against your insurance company.This is an option you want to reserve until you have exhausted all othermeans of resolving the matter. Managing a small business is completelyengaging in the best of circumstances; your resources will be even morelimited following a disaster. It is not in your interest to become enmeshedin litigation. Unfortunately, insurance companies often appreciate thereluctance of small businesses to engage in costly, time-consuming liti-gation and so may be less motivated to respond to threats of lawsuits.
Ironically, liability claims are, in my experience (Donna), less likelyto be denied by insurance companies. If any aspect of the disaster givesrise to liability claims against your company, such as, for example, a claimagainst the directors and officers of your company for their alleged fail-ure to properly implement contingency plans for the business, you mustgive immediate notice to your insurance company. Furthermore, youmust work with your insurance company to mitigate your insured losses,exactly as we discussed in the previous section. If you have liability insur-ance, and, even better, an umbrella cover, your insurance company willalmost certainly want to select the legal counsel who will represent yoursmall business. Your insurance policy likely contains a provision for theselection of counsel.
You can appreciate their preference; as a large, well-capitalized cor-poration, the insurance company routinely deals with litigation and, asa consequence, has established relationships with many law firms expe-rienced in defending such suits. Due to the volume of business gener-ated for the legal profession by the insurance industry, insurance com-panies typically have negotiated fees with certain law firms at preferredrates. The insurance company would much prefer to select experiencedcounsel with whom they have an ongoing relationship than to rely on aninexperienced entrepreneur to select his or her own counsel and hopethat a wise choice was made. At the same time, it expedites claims settle-ment if the insurance company can work with legal counsel who is famil-iar with the corporate policies of the client, so the insurer need not ex-plain, over and over again, to a succession of law firms their approachin resolving claims and their corporate policies. Finally, the insurancecompany almost certainly benefits from a preferred fee structure, given
Recovery 153
the volume of business it may do with any single law firm. In this case,the insurance company’s size works in your favor.
In liability claims, you and your insurance company are partners inmitigating losses. As a consequence, it is critical that you document yourloss mitigation efforts; they are crucial to your defense. Your insurancecompany will rely on the advice of counsel to determine whether theplaintiff, the party who seeks to bring a liability claim against your smallbusiness, has a valid legal claim. Based on the findings of their own in-vestigation, they will determine how to resolve the case. We don’t wishto trivialize such claims; they can be emotionally draining for the defen-dant and, in the context of your disaster recovery efforts, counter-pro-ductive. However, we simply mean to say that in our experience, you areless likely to have a dispute with your insurance company regardingwhether a liability claim is covered by your policy. You are also unlikelyto have a dispute with your insurer about the valuation of the claim, sinceyour business will not be the direct beneficiary of any such payment. (Ifthere is a dispute, it will be between your insurance company and theplaintiff.) The best advice we can give you with respect to liability claimsis to give timely notice to your insurance company, document your lossmitigation efforts, and cooperate with your insurance company in resolv-ing the claim.
Next let us consider claims concerning property insurance. The threesuggestions we gave in Chapter 1—regarding documentation, furnishingnotice, and completing valuation—should minimize the risk of disputeswith your insurer. Documentation refers to proper maintenance ofrecords of the assets of your business. If you have, for example, receiptsand invoices showing the sums paid for your business assets and descrip-tions of those assets (thereby allowing both you and the insurance com-pany to agree on replacement costs), it should be relatively straightfor-ward to agree to a claims settlement. The difficulty reported by someinsurance companies adjusting claims for small businesses in LowerManhattan concerned documentation of the damaged business assets.The records of many businesses based in the World Trade Center and inadjacent properties were destroyed. It may not be possible to reconstructan inventory of property, plant, and equipment, such as by means ofprocuring statements from the business’ credit card company to docu-ment purchases of equipment.
If you follow the program we have outlined for you, you will mini-mize the risk of such disputes. Maintain careful records of your business
154 Contingency Planning and Disaster Recovery
assets, including receipts, invoices, canceled checks, photographs, serialnumbers, and so forth. Keep a duplicate (or even triplicate) copy of theserecords off-site! Imagine that your office building were to be destroyedin a catastrophe and with it, all of your business records. Your businessmay never recover. One idea is to keep electronic records, with digitizedphotographs of certain assets, because such records facilitate businessprocurement processes, irrespective of contingency planning for disas-ters.
The next step in the process is giving notice to your insurance com-pany of possible claims. Don’t risk a possible denial of a valid claim forfailure to give timely notice of the disaster. Remember to review all poli-cies implicated in the disaster, including policies that have expired andumbrella or excess coverages. It is better to invest the time in determin-ing that a certain policy does not indemnify a particular loss than it is toforfeit the indemnification for lack of a prompt response. In giving no-tice of a loss, if you fail to properly identify the peril for the insuredcoverage, your claim may be denied and a dispute may ensue. A real-world example will illustrate this point.
A sole proprietor who worked from her home near a disaster site (afire) sustained a systems crash. She concluded that the crash was mostlikely due to the loss of electrical power that was the result of the disas-ter and so notified her insurer. Because her policy did not include anendorsement for interruption of the power supply, that portion of herclaim was denied. In fact, the damage to her computer was the result ofsoot and ash clogging the fan of her computer, a peril that is covered byher policy. The denial of coverage and dispute that followed could havebeen avoided by proper diagnosis of the problem, or a description of theproblem without a diagnosis. Had the insurance company sent an ad-juster to inspect the damaged computer, he or she would have seen thesoot and ash in the machine and likely authorized the claim. Her hastydiagnosis resulted in a denial and then a delay of her claims payment.We recommend that you have an IT expert examine your computer andrelated hardware assets following a disaster. Because damage to theseassets can be subtle, inspection is best left to an expert. Since we arepresenting an example of a sole proprietor with an insurance-relateddispute, we will take the opportunity to remind sole proprietors of theirneed to secure insurance coverage for their business-related assets andthereby avert disputes.
In the United States alone, more then 11 million people are self-
Recovery 155
employed. Many of them work out of their homes. The rise of out-sourcing and attempts to reduce labor costs will likely increase this num-ber. If you work from your home, if you are self-employed, or if yourbusiness is organized as a sole proprietorship, be certain that you haveadequate insurance. In the first chapter of this book, we suggested thatyou consider securing insurance coverage from partner companies toassociations serving the small business community. Certain of these af-filiated companies offer insurance policies specifically designed for self-employed individuals and those who work from home. You can obtain abasic insurance policy designed for the needs of home-based workers foras little as several hundred dollars annually. You should investigatewhether such coverage is appropriate for you. If you file a claim relatedto your home business with your homeowner’s or tenant’s insurance com-pany (which generally do not cover home-based business activities), youmay find yourself embroiled in a dispute with your insurer.
Finally, many property-related disputes with insurance companiesconcern the valuation of the damaged or destroyed property. Mitigatesuch risks by insisting that your policy cover the replacement cost ofdamaged assets and keep records of the assets of your business. This isparticularly important with respect to IT-related assets. Manufacturers ofcomputers and other related hardware frequently introduce new mod-els of equipment and discontinue older models. To determine a fairreplacement value of IT assets requires a detailed list of performancespecifications. If the insurance company has documentation that, forexample, the 10 computers destroyed in your building fire each hadPentium III chips, 256 megabytes of RAM, 20 gigabytes hard disks, 15-inch flat-screen monitors, and a color laser printer over an Ethernetnetwork, such information will expedite your claims settlement. On theother hand, if the records you produce show that in 2000, your businesspaid $25,000 for these 10 computers including the printers, agreeing toa fair replacement value for those computers can be a contentiousprocess.
If you properly document the value of your assets, give prompt no-tice to your insurer, and agree to a replacement cost valuation method,you minimize the risk of disputes with your insurance company for a fairclaims settlement. What if you follow all of these precautions and a dis-pute arises anyway? In such a case, you need to pursue two courses ofaction simultaneously. First, explore alternate means of generating cashto finance the replacement of the damaged assets that are absolutely
156 Contingency Planning and Disaster Recovery
essential to the recovery of your business. This is critical because youcannot anticipate with any degree of certainty when your claim will beresolved, and you need the funds to replace business assets to get yourbusiness up and running as soon as possible. Don’t delay your recoveryefforts pending resolution of all insurance claims. This book does notcover topics of capital raising, but as a small business owner, you are fa-miliar with various means of bootstrapping. Did you finance your pur-chases with credit cards? Contact your credit card providers and try tonegotiate a lower interest rate (or raise your credit limit). You will besurprised how many credit card holders are able to reduce their interestcharges by 2% to 5% with relatively little effort. The credit card companywants you to pay them interest charges, not to go out of business. Explainto the credit card issuer your disaster recovery efforts.
Are there receivables that you can factor? Are you able to lease ortemporarily rent your necessary equipment? Do you have access to a lineof credit? Does your business have cash reserves that you could drawdown, pending resolution of your insurance claim? Are you operatingyour business from your alternate location? If so, do you have surplusspace that you could sub-lease to another business displaced by the di-saster? Remember that even as you are resolving your property insuranceclaim, you are demonstrating to your insurance company that you aretaking steps to mitigate your business interruption losses. If your businessis a copy shop, for example, and you and your insurance company can-not agree on a replacement cost for the damaged photocopy machines,work with your insurance company to develop a plan for resuming busi-ness operations. Presumably you cannot reopen your doors for businesswithout replacement photocopy machines. If you have a business inter-ruption cover in place, gently remind your insurance company that re-ducing the amount of your property damages may increase your businessinterruption damages.
Ask your insurance company to advance you funds for the undisputedportion of your claim, provided of course that you do not have to waiveyour rights to pursue the other elements of your claim. If your businessis a copy shop, and you and your insurance company can agree to a fairreplacement cost of the black and white photocopy machines, for ex-ample, ask that that sum be paid to you while you continue to work toresolve your dispute about the valuation of the color photocopy ma-chines. As you seek the funds to replace the assets damaged in the disas-
Recovery 157
ter, you must simultaneously work toward resolving the disputed portionsof your insurance claim.
We recommend that you propose arbitration to your insurance com-pany. Reinsurance contracts (contracts between primary insurance com-panies and reinsurance providers, who assume certain insurance liabili-ties) typically contain so-called arbitration clauses. Such clauses specifythat disputed claims are to be resolved by arbitration and identify thevenue and forum for such arbitration. Arbitration provides a means forresolving disputed insurance claims without recourse to litigation. Com-mercial insurance policies typically don’t provide for arbitration, but askfor it anyway. An impartial party can often resolve the dispute promptly,provided, of course, it is agreed in advance that the arbitration is bind-ing on both parties. The office of your state insurance commissioner willbe able to refer you to parties who can arbitrate your dispute.
If arbitration is an unacceptable option to the insurance company,and you are forced to litigate your claim, please first contact your insur-ance commissioner to file a complaint. You may learn that your businessis not the only one with difficulties resolving insurance claims with aparticular insurer and your complaint may prompt an investigation bythe commissioner. You also may be able to access low-cost or pro bono legalrepresentation in case of a major disaster. Contact your local bar asso-ciation and explain your circumstances. Following the World Trade Cen-ter disaster, a number of small business owners faced bankruptcy andwere able to secure pro bono legal counsel to litigate their insurance claims.The likely remaining source of disputes with your insurance companyconcerns business interruption claims, and they tend to be the mostcontentious.
Securing Business Interruption Insurance
In Chapter 2, “Response,” we guided you through the steps you need totake to secure insurance coverage following a disaster. You begin by re-viewing all of the insurance policies that may be implicated in the prop-erty loss and you take steps to reconstruct policies that may have beendestroyed in the disaster (if you failed to keep backup copies of thepolicies off-site). We advised you to give prompt notice of the disaster toyour insurance company and to work with your insurer to mitigate the
158 Contingency Planning and Disaster Recovery
losses. You must be careful to document the losses and the expensesincurred in mitigating those losses, because such expenses may be reim-bursable. The insurance company’s input into your loss mitigation effortsreduces the risk that they will subsequently characterize such efforts asinadequate or deny reimbursement of your loss mitigation expenses. Youthen prepare and submit your claim.
Let’s assume that you have followed these steps properly and a dis-pute arises with the insurance company regarding your business inter-ruption claim. We advise the same course of action as recommended forresolving disputes over property claims: request an advance of the un-disputed portion of the claim, continue to work toward rebuilding yourbusiness, propose that your insurance company agree to arbitration toresolve the dispute, and, if necessary, write a letter of complaint to yourstate’s insurance commissioner and litigate your claim. If you have fol-lowed our recommendations for documenting losses and loss mitigationefforts, you will be in a strong position to present your claim to the arbi-trator (or judge and jury) and to do so immediately. If you believe litiga-tion is inevitable, redouble your efforts to secure payment for the por-tions of your claim that are not in dispute. Those funds may be necessaryto cover your legal costs, and advance payment of those claims will pre-empt the insurance company from withholding those funds pendingresolution of all of the claims.
Reinsurance contracts typically require arbitration to resolve disputedclaims and specify which laws apply for the interpretation of the contract.Because insurance laws vary from state to state and from country to coun-try, and the insurance company and its reinsurer are likely domiciled indifferent states or different countries, it is important that the parties agreein advance on which laws apply to the contract. Very often, reinsurancecontracts are written “to be construed in accordance with the laws of theUnited Kingdom,” even when neither the insurance company nor thereinsurer is domiciled in the United Kingdom. This is because, owing tothe development of the insurance market from its beginnings in a Lon-don coffee shop to the role that the Lloyds Insurance Market plays in theworld today, the United Kingdom has a well-developed body of case lawwith respect to insurance. An arbitrator would have many precedents toguide him or her in resolving the dispute.
Insurance contracts are not written in the same manner. They rarelyrequire arbitration to resolve disputes and often fail to specify how dis-putes are to be resolved, leaving the policyholder with only one appar-
Recovery 159
ent option: litigation. Insurance contracts often do not identify in whichforum litigation should take place. In such a case, you should select themost appropriate forum in which to litigate your claim. Your legal coun-sel can advise you of the best choice. In the United States, New York isconsidered a leading state with respect to insurance regulation, and itspolicies and practices are often adopted by the other states. Althoughyour commercial insurance policy may not specify the forum for litiga-tion, it will almost certainly specify a time frame within which such liti-gation must commence. Typically, insurance policies specify that thepolicyholder has a certain period of time following the date he gavenotice to his insurance company of the loss (or from the date the insur-ance company notified him of its denial of all or part of his claim) tobring a lawsuit against the insurance company to collect the claims thatare in dispute. Understandably, insurance companies don’t want to beserved with lawsuits from insurance policies that expired decades ago.The typical period to expiration of the right to bring suit is three years;read your policy carefully.
The rules of construction of insurance policies favor the policyholder.That is, if there is any ambiguity in the wording of your insurance policy,it must be construed in favor of the policyholder. The reason is as wediscussed in Chapter 2: insurance policies are standard documents issuedby insurance companies. The policyholder has little or no input into thedrafting of the insurance contract; it is typically a “boilerplate” document.However, disputes with insurance companies regarding business interrup-tion claims are less likely the result of contract wording and more likelythe result of identification of the “triggering” event (the disaster thatdisrupted the business operations).
Because business interruption insurance is typically an endorsementto property coverage, it does not cover losses of business income thatoccurred independently of an insured property loss. For the businessinterruption insurance to apply, an event occurs (which triggers cover-age), causing damage to the insured property of the policyholder, whichinterrupts the operations of the business, thereby causing a loss of in-come. For our purposes, we assume that the triggering event is a majordisaster. One issue likely to give rise to disputed insurance claims is forbusiness interruption cover following a disaster in which the policyholderdid not sustain damage to his or her property.
Imagine, for example, that you own and operate a travel agency inLower Manhattan and that your premises were sufficiently removed from
160 Contingency Planning and Disaster Recovery
the World Trade Center that they did not suffer any physical damage.Nevertheless, your business premises were closed by the Mayor’s Officeof Emergency Management on September 11, 2001, as a direct conse-quence of the attack on the World Trade Center. Employees and custom-ers were denied access to your premises. Do you have a valid businessinterruption claim?
The answer is maybe. Business may be interrupted by action of civilauthority, and your insurance policy may have a specific provision cov-ering claims arising from such action. In that case, the answer remainsmaybe. The insurance company may take the position that the provisiondoes not apply unless the triggering event, property damage caused bya peril covered in the policy, occurs. The insurance company may or maynot persuade a court of its interpretation. Businesses that lost revenuewhen they were closed in compliance with curfews following the assassi-nation of Dr. Martin Luther King won their claims for business interrup-tion insurance, despite the fact that their businesses did not suffer anydamage to physical property. However, other courts have denied policy-holder claims under similar circumstances when curfews were imposedby civil authority.
Consider another well-known legal case concerning business inter-ruption insurance. A movie theatre chain closed its movie theaters incompliance with curfews imposed by civil authorities, following theRodney King verdict. The insurance company denied the business inter-ruption claim and the court found in favor of the insurance company onthe ground that the theaters did not sustain physical damage as a conse-quence of the riots following the verdict. The court was not persuadedby the fact that the curfew prevented customers from going outside andpatronizing the theaters.
The lesson to be learned here is that in the case of business closingsdue to the action of civil authorities, it is not clear that business inter-ruption claims will be recognized as valid by insurance companies, or thatpolicyholders whose claims have been denied will prevail in legal pro-ceedings. The hypothetical travel agency in Lower Manhattan may havea stronger claim if it lost electricity and telephone service as a conse-quence of the disaster, thereby identifying a triggering event. Becauseeach case has unique circumstances, should your claim for business in-terruption following the actions of civil authority be denied, seek legaladvice as to how to proceed.
Recovery 161
Let’s consider another common source of disputes regarding claimsfor business interruption insurance: disputes concerning physical dam-age to IT assets, such as computers and related hardware. I (Donna)remember well how reinsurance companies took note of cases in whichinsurance companies denied policyholders’ business interruption claimswhen electrical outages (or power surges) destroyed data stored on com-puters. The insurance companies denied such claims on the ground thatthe computer systems were not physically damaged. The businesses ar-gued that the data on the computers were destroyed and that the datawere the property of the company. In some cases, the insurance compa-nies prevailed, arguing that data stored in electronic format were nottangible physical assets of the business. In other cases, the businessessucceeded in persuading the arbiter of the dispute that the data wereintangible assets and were no less valuable to the company than otherphysical assets. You can appreciate how complicated these disputes canbecome!
Even property damage itself may not be deemed adequate to substan-tiate a business interruption claim. Following major floods in Europe, asmall business operating near a theme park sought business interruptionprotection. The floods had caused some damage and mold in the park,which closed for repairs and safety checks to the amusement rides. Whenthe park reopened for business, visitors were fewer in number and rev-enues had declined. The insurer denied the claim on the ground thatmost of the park was accessible to the public. The small business ownedand operated a restaurant and a take-out food service facility adjacentto the park and derived substantially all of its revenues from diners visit-ing the park. The fact that the restaurant’s business was supported by thetheme park and, in the absence of visitors to the park, there were nodiners to patronize the restaurant was viewed as immaterial by the arbi-ter. Perhaps if the restaurant owner had negotiated an endorsement tohis policy to connect the protection afforded by his insurance to eventsoccurring at the adjacent park he may have succeeded in establishing avalid business interruption claim.
Successfully securing a business interruption claim requires satisfy-ing the precise requirements for property damage and attendant incomelosses and persuading an insurance adjuster, arbitrator, or court of thosefacts. Unfortunately, the interpretation of triggers of business interrup-tion insurance and the quantification of damages can vary considerably
162 Contingency Planning and Disaster Recovery
from case to case. It may be of small consolation to small business own-ers, but large corporations face the same problems with business inter-ruption cover. I (Donna) remember two negotiations to structure a busi-ness interruption insurance program for two separate companies: one acomputer chip manufacturer and the other a pharmaceutical company.Both negotiations were unsuccessful.
The situation faced by the chip manufacturer was unique: the com-pany was a specialized niche producer of chips, and the life cycle of thechip was short. Should the manufacturing facility be destroyed by fire orearthquake, by the time the facility could be rebuilt, the chips it hadmanufactured would be obsolete. The company managed its operationsby successfully retrofitting its existing facility for each new element in themanufacturing process mandated by a new generation chip design. Theinsurance company and the chip manufacturer were unable to agree topolicy terms with respect to how to calculate an appropriate benefit if adisaster were to destroy an existing facility that could therefore not bequickly upgraded to manufacture the next generation product. In caseyou are wondering how the company devised its contingency plan, theanswer is that they built in redundancy. The company expanded produc-tion capacity at each of its five plants worldwide. The plants were locatedin different geographic areas. Should a major disaster destroy one plant,each of the remaining four plants would increase its production quotasby 25% to compensate for the lost production of the fifth plant. Thecompany insured its property risk, so it would recover some funds if anyof its facilities were destroyed, but it self-insured, or retained, its businessinterruption risk.
The pharmaceutical company case is interesting, in that it is analo-gous to the small business operating a restaurant adjacent to the themepark as we discussed earlier. The company manufactures drugs to treatmedical conditions that are relatively minor. Senior management of thecompany was worried about product tampering; that is, not tamperingwith their products in the manufacturing process, but tampering with thecompetitors’ products. The company was confident of the security of itsown facilities and the protections it had put in place, but it was less con-fident of the security practices of its competitors. Management feared thatshould one of its competitors be affected by product tampering, consum-ers would be reluctant to use this particular class of drugs, including thedrugs produced by this specific pharmaceutical company. The companydid not succeed in obtaining a business interruption policy for this par-
Recovery 163
ticular peril because it could not agree with its insurer as to what consti-tuted an event trigger and what constituted an appropriate recovery.
In Lower Manhattan, small businesses are currently involved in dis-putes concerning their business interruption cover. Contentious issuesinclude determining the period of coverage: presumably all parties canagree that the losses began on September 11, 2001, but when did theyend? What exactly was the period of interruption? When Lower Manhat-tan was reopened to pedestrian traffic? When roads and commonly usedtraffic routes were reopened? When sales volumes return to theirpredisaster levels? As you can see, these disputes are not easy to resolve.The best advice that we can give you is to follow the recommended pro-cedures for documenting losses, mitigating losses, and giving notice. Inour opinion, even the most experienced legal counsel cannot predict theoutcome of a business interruption insurance dispute. But if you take allof the steps we recommend to secure your coverage, you will have maxi-mized your prospects for a recovery under the provisions of your policy.
Negotiating Continuing Coverage
Insurance is a cyclical business characterized by a hierarchy of capitalstrength and, hence, appetite for risk. The insured party has the lowestappetite for risk and the smallest capital base. Your business is an insuredparty, or a policyholder. Your business has a relatively small base of capi-tal and commensurate appetite for risk. If, for example, your factory isdamaged in a fire, you want an insurance company, with its capital re-sources and greater appetite for risk, to cover your damages (less a rela-tively modest deductible). You pay a premium to your insurance companyfor indemnification against specified risks. Should a loss occur, the in-surance company will pay the claims.
The insurance company, of course, collects premiums from manypolicyholders diversified across many perils, many periods of time, andmany geographic regions. Thus, the insurance company has a greaterappetite for risk. The insurance company, in turn, cedes certain of its risksto the reinsurance market, for which it pays a premium and it retainsother risks. The reinsurance market, in turn, cedes certain of its risks tothe retrocession market. The retrocession market consists of relatively fewlarge-scale companies, such as National Indemnity (a Berkshire Hathawaycompany) and the American International Group. Thus, at each level of
164 Contingency Planning and Disaster Recovery
the hierarchy, premiums are collected, claims are paid and parties at-tempt to configure their optimal levels of risk. Figure 3.1 illustrates thishierarchy.
You, the small business owner, pay premiums to an insurance com-pany, which indemnifies your business against insured risks. You may nothave appreciated that your insurance company also pays premiums, to areinsurance company, for indemnification against a certain portion ofits risks. The reinsurance company, in turn, pays premiums to a retroces-sion company for indemnification against a certain portion of its risks.In other words, there is a great deal of risk-taking capacity supportingyour business’s insured risks!
Following the September 11 terrorist attacks, commercial insurancerates rose dramatically. Workers compensation premiums, for example,have increased by 40% or more, even for companies with no loss expe-rience. In states affected by the terrorist attacks, New York and Pennsyl-vania, for example, rate increases have been even more dramatic. Rateincreases on other commercial lines, such as commercial property andliability, have increased 100% or more. Many small business owners, facedwith expensive insurance premiums in a less than robust economy, areconfronting unpleasant choices. Some must choose between paying moreexpensive insurance premiums, cutting back on coverage, foregoing
Figure 3.1 Hierarchy of Risk-Taking Capacity
Retrocession Company
Premium payments Claims payments
Premium payments Claims payments
Premium payments Claims payments
Reinsurance Company
Insurance Company
Corporate Policyholder
Source: Rates supplied by Tillinghast Tower Perrin, January 31, 2002.
Recovery 165
some coverage, or making cuts elsewhere, such as laying off employees.What is particularly baffling to many business owners is how a singlecatastrophic event could have such powerful consequences for rates. Inthis section, we will try to address that question by explaining the eco-nomics of the insurance cycle. We will also give you some practical tipsabout negotiating coverage in the postdisaster insurance market.
Figure 3.2 shows the cost of risk per thousand dollars of commercialrevenues over the past decade. (The 2002 figure is an estimate.) In 1990,businesses paid $6.10 in insurance premiums for every thousand dollarsof revenue they earned. Of course, risk is not generic; some companiesoperate in riskier industries than others. But the data do show the “bite”insurance premiums take from top-line revenue. Now, look at the figurefor 1992. In that year, companies paid $8.30 for every thousand dollarsof revenue, the highest cost for the decade. What happened? HurricaneAndrew, the most expensive insured catastrophe of the decade, hadstruck and devastated large coastal areas.
Consider the effects of disasters (or catastrophes, which we are treat-ing as super disasters) on the cash flow of an insurance company. Aninsurance company collects premiums from its policyholders, such asyour small business. It invests these premiums in assets, such as high-quality bonds and blue chip stocks, to earn investment income. It paysout expenses, such as premiums for its own reinsurance coverage, sala-ries to its employees, and so forth. It also pays claims to its policyholdersfor insured losses, or damages. The cash flow of an insurance company(premiums plus investment income less expenses less losses) is oftenexpressed in terms of a combined ratio. The combined ratio is the sumof the loss ratio plus the investment ratio. A loss ratio of 100%, for ex-ample, means that for every dollar the insurance company collected inpremiums, it paid out one dollar in claims and related expenses. Aninsurance company with such a loss experience stays in business by en-gaging in so-called cash flow underwriting; that is, its insurance losses aremore than offset by the investment income the insurance company earnson its premiums. In 1999, for example, insurance companies were pay-ing out $1.07 in claims and expenses for every $1.00 it collected in pre-miums. You can readily appreciate how sensitive the insurance industryis to the financial markets.
In 1999, insurance companies could survive with a 107% claims ra-tio because they were enjoying a bull market. Returns to stock marketinvestors and bond holders were robust. With such market conditions,insurance companies compete with one another to reduce premiums,
166 Contingency Planning and Disaster Recovery
Figu
re 3
.2Pr
ice
of R
isk
166
Sour
ce: D
ata
from
In
sura
nce
In
form
atio
n I
nst
itut
e.
Price of Risk per $1,000 ofBusiness Revenue
Yea
r
$9.0
0
$8.0
0
$7.0
0
$6.0
0
$5.0
0
$4.0
0
$3.0
0
$2.0
0
$1.0
0
$0.0
019
9019
9119
9219
9319
9419
9519
9619
9719
9819
9920
0020
0120
02
$6.1
0$6
.40
$8.3
0
$7.7
0
$7.3
0
$6.4
9
$5.7
0 $5.2
5
$5.7
1
$5.2
0$4
.83
$5.5
5
$7.2
2
Recovery 167
preferring to build market share and believing that they could earn theirprofits in the financial markets. Some insurance companies did notpurchase sufficient reinsurance coverage, in order to reduce costs. Evenbefore the September 11 catastrophes, trouble loomed. Companies suchas Reliance Insurance Company were offering property-casualty insur-ance policies at 25% less than what insurance companies with strongercredit ratings were prepared to offer. In 2000, Reliance Insurance Com-pany came under the control of insurance regulators as its financialstrength continued to decline. It could not operate as an ongoing con-cern, in part because its premiums were inadequate to cover the risks itwas underwriting.
At the same time, the financial markets on which insurance compa-nies had depended to earn their profits weakened. The implosion of theInternet stocks, followed by major corporate bankruptcies, such as Enronand Global Crossing, reduced the attractiveness of equity investments.Bonds, which comprise the largest class of assets in an insurancecompany’s investment portfolio, were also a less profitable investment,as interest rates are at historic lows. Thus, the scene was set for dramaticchanges in the insurance industry even prior to September 11, 2001.Figure 3.3 shows average monthly percentage increases in commercialproperty and casualty insurance premiums.
Figure 3.3 Higher Premiums
35%
30%
25%
20%
15%
10%
5%
0%
2001 2001 2001 2001 2001 2001 2001
June
July
Aug
ust
Sep
tem
ber
Oct
ober
Nov
embe
r
Dec
embe
r
Janu
ary
Feb
ruar
y
Mar
ch
200220022002
168 Contingency Planning and Disaster Recovery
As you can see, premiums were increasing even before the attacks onthe World Trade Center and the Pentagon. But those attacks had seri-ous consequences for the pricing of insurance risk. Figure 3.4 shows an-nual insured losses from 1970 to 2001 in constant dollars. As you can see,natural catastrophes (such as earthquakes, storms, floods, and droughts)and man-made disasters (such as fires, explosions, and aviation disasters)rose dramatically in the 1990s as compared with previous decades. Fig-ure 3.2 shows us that insurance premium increases were not commen-surate with the increased risks.
As discussed earlier, insurance companies often rely on investmentincome to maintain profitability, but the financial markets of 2001 to 2002have not been as robust as those of the 1990s. At the same time, the lossexposures have become more difficult to quantify. The terrorist attacksof September 11, 2001, were the second largest insured catastrophe inhistory. Estimates4 of the insured losses are shown in Table 3.1.
Now let’s begin with the top of the hierarchy. The leading providerof retrocession coverage, National Indemnity, a Berkshire Hathawaycompany, estimates that it will pay 3% to 5% of the losses incurred onSeptember 11, 2001, amounting to some $900 million to $2.9 billion inlosses. The reinsurance companies will pay their share of claims to theinsurance companies, and the insurance companies, in turn, will payclaims to their policyholders. Since the insurance industry had neverconceived of a terrorist attack causing damage on such a scale, there willalmost certainly be changes in underwriting policy.
In the past, fire insurance covered damage arising from fires andexplosions irrespective of the cause, with a single exclusion for war andcivil commotion. In most countries, terrorism was not identified in warexclusion clauses and so was assumed to be a covered risk. Prior to Sep-tember 11, the most costly insured terrorist attack occurred on April 24,1993, when a bomb exploded at Bishopsgate in the City of London, caus-ing $907 million of insured damage. While the human cost of such anattack is incalculable, the financial costs were below the costs of majornatural catastrophes, such as hurricanes and earthquakes. Several coun-tries particularly exposed to risks of terrorism—the United Kingdom,Spain, South Africa, and Israel—have special government support tocover these risks, but they are the exceptions. Most countries implicitlyallow commercial underwriting of terrorist risks. Unlike terrorist risks,natural disasters occur randomly and without design, but the probabili-ties and consequences of natural disasters are actuarially predictable.Prior to September 11, the risk of terrorism was covered, except in the
Recovery 169
Figu
re 3
.4Pr
ice
of R
isk
169
7072
7476
7880
8284
8688
9092
9496
9800
2001
: 11
Sep
tem
ber*
1999
: Sto
rm L
otha
r
1994
: Nor
thrid
ge E
arth
quak
e
Nat
ural
cat
astr
ophe
s
Sep
tem
ber
11 lo
ss (
prop
erty
and
bus
ines
s in
terr
uptio
n)
70 60 50 40 30 20 10 0
Insu
red
loss
es in
U.S
.$ b
illio
ns, a
t 200
1 pr
ice
leve
ls
* E
stim
ate
of th
e to
tal i
nsur
ed lo
ss (
all l
ines
of b
usin
ess,
incl
udin
g lia
bilit
y as
wel
l as
life
and
heal
th):
U.S
. $30
—58
bill
ion.
Man
-mad
e ca
tast
roph
es
Sep
tem
ber
11 lo
ss (
liabi
lity
and
life)
1992
: Hur
rican
e A
ndre
w
Sour
ce: S
wis
s R
ein
sura
nce
Com
pan
y. E
con
omic
Res
earc
h a
nd
Con
sult
ing.
Sig
ma,
No.
1, 2
002.
Rep
rin
ted
wit
hpe
rmis
sion
.
170 Contingency Planning and Disaster Recovery
four aforementioned countries, by the private market. Now, the newdimensions of terrorism call for some type of public sector–private sec-tor solution. Until such time as a solution is put forward, however, insur-ance companies will pay significant premiums for reinsurance cover,because they now realize that they cannot afford to be without it. A singleterrorist attack with the concentrated deadly intent of those of Septem-ber 11 could render bankrupt any single insurance company. As a con-sequence, insurance premiums are likely to remain high for the imme-diate future.
There are some practical steps you should take to ensure thatyour business has adequate insurance coverage following amajor disaster. Be aware of the “paying more/getting less”
phenomenon that occasionally follows a major disaster. Sometimesincreases in insurance premiums can be dampened by excluding risksthat were previously covered by the small business owner’s policy. Ifyou make an explicit assessment to forego coverage for certain risksto lower premiums, fine, so long as you understand the tradeoffs youare making. But don’t fall prey to creeping exclusions. When it comestime to renew your insurance (which is usually done annually), reviewyour policy carefully, because you may not be comparing apples toapples with respect to the current and last year’s policies. Exercise
Table 3.1 Estimate of September 11, 2001 Insured Losses
Line of Underwriting Billions of U.S.$
Property 10.0–12.0
Business interruption 3.5–7.0
Workers’ compensation 3.0–5.0
Aviation 3.0–6.0
Liability 5.0–20.0
Other non-life 1.0-2.0
Life and health 4.5–6.0
Total 30.0–58.0
Source: Tillinghast Towers Perrin, January 31, 2002.
Recovery 171
caution with respect to policy wording and ask questions of yourbroker and insurance company if there is anything you don’t under-stand. One question we might ask now, for example, that we hadn’tasked in the past is “Is an anthrax-laden letter delivered to my placeof work a terrorist or criminal act? Is the coverage the same if theletter is mailed by a local prankster or a person from the MiddleEast?”
We predict that large corporations will become increasingly unwill-ing to pay such steep insurance premiums and will develop innovativemeans of insuring their risks. We have seen this phenomenon before,beginning in the 1980s with the development of the so-called alternativerisk transfer market (ART). ART offered a portfolio of tools by whichcorporations could transfer their risks by means other than standardcommercial insurance programs. One such tool in the ART portfolio wascaptive programs. Captives were insurance companies wholly owned bytheir corporate parents. They were typically domiciled offshore, in placessuch as Bermuda or the Cayman Islands, to benefit from favorable taxclimates and fewer regulations. Captives allowed corporations the ben-efit of tax-deductible premiums to cover their risks while ensuring thatprofits remained in-house. Other means of transferring insurance riskincluded catastrophe bonds, in which insurance risk was transferred tothe financial markets (imagine a bond whose return is measured by aninsurance loss ratio!), financial insurance (a hybrid product that trans-ferred some elements of insurance risk, while financing others), andother innovative arrangements. Large corporations with significant lossexposures (such as pharmaceutical companies, oil companies, and othercompanies operating in industries with high severity/low frequency risks)will lead the way. Unfortunately, many of these solutions are not practi-cal or cost-effective for small businesses. Nevertheless, the laws of supplyand demand hold in the insurance market: when large corporations findalternatives to traditional commercial insurance, small businesses shouldbenefit from declining premiums.
Do you remember the advice we gave you in Chapter 1 withrespect to lowering your worker’s compensation insurancepremiums? We recommended that you verify the job classifi-
cations of your employees, because often small businesses overpay
172 Contingency Planning and Disaster Recovery
their risks because they failed to properly classify jobs. We ask youto go back and repeat that exercise. In fact, you should verify, on anannual basis, that your information is current. As a consequence ofthe disaster, you may have had some attrition, or you may have hirednew employees to assist in your recovery efforts and assume longerterm responsibilities. Make certain that your information is accurate.There are more than 700 employee classifications, and misclassific-ation errors can be costly. A machine shop general classification, forexample, costs $8.50 in workers’ compensation premium per $100.00in payroll. A precision machinist, in contrast, costs $1.25 in premiumper $100.00 in payroll. You can appreciate how easy it would be tomake a mistake and pay more premiums than is required. It is worththe time and effort to review your employee data again.
We also advise you to comparison shop with respect to insurancecoverage. It is convenient to build a relationship with a single insurer,but in the face of postdisaster premium increases, you have to considerother options. One commercial insurance broker told us, “Yes, the mar-ket was becoming more expensive before September 11, but the rateincreases were not as steep as what we are now seeing in the market . . .it’s as if insurance companies think they have carte blanche to add 25%or 50% to the premium increases that they were going to demand any-way. Whether it is actuarially justifiable or not, that is what they are do-ing.” We saw in Figure 3.2 that insurance premiums rose by 42% follow-ing Hurricane Andrew. Whether all small businesses should pay increaseson this order of magnitude is debatable, particularly if they are not ex-posed to the risks that caused the original disaster. It pays to compari-son shop. Following September 11, we have seen a range of premiumsquoted by different insurance companies to small business owners forsimilar risks. Compare and negotiate the best deal you can. You may bein a better position to control the premium increases your insurer isdemanding if you can document the safety and security measures thatyour small business has in place that makes your company a better riskthan its peers.
Speaking of peers, you should talk to your peers in the small busi-ness community following a disaster (after a suitable period of time toimplement recovery efforts). Were they satisfied with their insurancecarriers? Which insurance companies provided superior service andwhich failed to deliver? This is important information to have as you
Recovery 173
consider your business’s insurance needs going forward. We can tell youfrom our experience that there is substantial anecdotal evidence in LowerManhattan that one insurance company was the source of a dispropor-tionate amount of disappointment following the September 11 disaster.We would be reluctant to advise friends to seek coverage from this par-ticular insurer, which has garnered some bad press. Learn from yourpeers and help them to learn from you. In the next section, we willpresent some additional learning opportunities. Finally, be hopeful.Remember that after the last major catastrophe, Hurricane Andrew, in-surance rates rose steeply, and then declined for five consecutive years.Expensive insurance premiums postdisaster are a common, but usuallyshort-lived, phenomenon.
Learning from the Experience
Experience is the best teacher and, having experienced a disaster thatdisrupted your business, you have learned some valuable lessons. Un-doubtedly, there are some things that you will do differently in the fu-ture. The changes you make to your contingency plan will not only im-prove the resiliency of your business should you be threatened with asubsequent disaster, but they will improve your overall business processes,irrespective of whether disaster strikes again. Almost certainly you learnedsome positive and encouraging lessons. You learned to appreciate thewonderful people you have in your life. The brush with disaster (assum-ing it was a more serious form of disaster) may have reframed your per-spective. Sometimes in our zeal to build our businesses, we occasionallyneglect the people who mean so much to us, and a disaster provides anot-so-gentle reminder of what really matters. You were likely impressedby the response of your employees and suppliers. Their commitment,their enthusiasm, and their hard work are responsible for the success ofyour rebuilding efforts.
A shared experience, such as a serious disaster and the subsequentrecovery, builds a certain esprit de corps. I (Donna) can tell you that thefeeling of anonymity in the big city disappeared following the events ofSeptember 11. I remember having to take a subway to midtown and beinga bit confused about where to go because my local subway station hadbeen closed due to severe physical damage. Helpful strangers spontane-ously volunteered to me the names of the working stations. During thesubway ride, a neighbor who had recognized me from the elevator of my
174 Contingency Planning and Disaster Recovery
apartment building introduced herself and initiated a conversation. NewYork City, contrary to its reputation, is actually a friendly place, but it wasnever that friendly.
People will feel a need to talk about their experiences. Sharing andvalidating one another’s experience seems to be an important part of therecovery process. During the period that Lower Manhattan was closed,we shared a bottle of wine with a married couple from Malaysia who werein New York City on an expatriate assignment. They had feelings of hor-ror about the atrocity, a desire to stay and experience the more positiveaspects of living in New York, and, at the same time, a desire to returnhome to assure their families that they were safe. We certainly learn aboutour connections to one another during a disaster, but we also learn somepractical lessons about disaster recovery.
We have invested some time in talking to small business owners whowere affected by the disaster so that we could learn from their experiencesand share them with you, our readers. Throughout this book we haveshared our own experiences, but to the extent that we are more IT andinsurance savvy than most, we are likely not representative of the popu-lation of small business owners. Also, small businesses represent a rangeof different industries, and the experience of the restaurant owner or thecommercial print shop may be different from our own and may holdvaluable lessons for us. Few business owners anticipated a disaster on thescale and scope of those that occurred on September 11, 2001. The com-bined effects of an economic recession and a disaster striking our finan-cial capital were devastating to many small businesses. At the same time,we have to focus our attention on practical solutions we can implementas a result of this experience. Few small business owners have the re-sources to set aside capital in reserve to cover one or two years of expensesin anticipation of such a catastrophe. Let us focus our learning effortson what we can practically do to mitigate the consequences of the nextdisaster (and hope it never comes).
We have, throughout this book, drawn on our own experiences inLower Manhattan, but a visit to the Federal Emergency ManagementAgency (FEMA) website will show you how frequently disasters strike.FEMA catalogs all major disasters in the United States, and you will besurprised to see how many have occurred in the past few years. The floodsin the southern part of the United States or the storms in the midwesternpart of the country were disasters to those who were affected. We hopewhat we have learned can help you to prepare for disaster. You need to
Recovery 175
determine what the common factors with your business could be, becauseif you should ever experience a disaster, it will likely be very different thanthe one we experienced.
After spending considerable time with many small business ownersfollowing September 11, I (Donna) have concluded that small businessowners have learned a great deal about business interruption insuranceand that their lessons often came at a high cost, occasionally the loss oftheir businesses. The information we have presented thus far should serveto spare you those terrible losses. We presented basic facts about busi-ness interruption insurance as an endorsement to a property insuranceprogram in Chapter 1. In Chapter 2, we advised you on how to calculateyour insured loss and secure business interruption coverage. Earlier inthis chapter, we provided specific advice on resolving disputes over suchcoverage.
Now we would like to share with you what we have found to be theerrors most commonly made by small business owners with respect totheir business interruption insurance. This is admittedly not an exhaus-tive study of the small business community, but anecdotal evidence of-ten is the most persuasive. We hope that by sharing the lessons learnedby small business owners in Lower Manhattan following the worst disas-ter in U.S. history you can better prepare your business to mitigate po-tential losses.
The most common error, by far, was a lack of business inter-ruption insurance cover for small businesses. Business prop-erty insurance covers damage to property (which is a direct
loss) but not damage to business income (which is an indirect orconsequential loss) unless the policy is specifically endorsed to pro-vide this coverage. Relatively few small business owners requested thiscoverage, and if our sample has any significance, relatively few com-mercial insurance brokers thought to advise small businesses of theneed for such protection. On September 10, 2001, a husband and wifeteam opened a pizzeria around the corner from my (Donna’s) office.Unfortunately, without business interruption coverage in force, theyhad no means of covering their fixed expenses until they could repairand reopen the restaurant, which they did not have the funds to do.September 10, 2001, was the first and last day that their pizzeriaserved customers.
176 Contingency Planning and Disaster Recovery
We have found that restaurant owners and medical/dental practiceswere the types of small business most likely to forego business interrup-tion coverage. The irony is that these are the types of businesses that cannot operate from remote locations and so are in greatest need of incomeprotection. Many of these business owners mistakenly believe that theirproperty insurance will cover their losses in the event of a disaster. It willcover the cost of repairing the damaged or destroyed assets, but, absenta business interruption endorsement, it won’t cover the revenues lostduring the period that the business was not operational. If you own andoperate a small business in an industry with low switching costs for cus-tomers, you cannot afford to be without business interruption insurance.Imagine that you run a paging service or a message service for physicians.Disaster strikes and you are temporarily without telephone service. Thephysicians will immediately switch to an alternate service provider thathas not been affected by the disaster; they won’t have a choice. Theyrequired uninterrupted service. Once your telephone service is restoredyou will not likely recapture all of the customers who defected. Switch-ing service providers is inconvenient, and it is unlikely that all of yourcustomers will switch back. To the extent that business interruption in-surance can replace your revenues lost during the disaster, your businesswill have resources to fund the recovery.
The second lesson many small business owners learned with respectto business interruption insurance is the need to carefully evaluate theconstraints on loss payments. Some business interruption insurance poli-cies specify a staged payout; for example, 40% of the losses are paid to youwithin 30 days of the loss, 40% of the losses are paid within 60 days of theloss, and 20% are paid within 90 days of the loss. We recommend that younegotiate to remove any such payment limitation from your policy word-ing. There is no need for your business to provide interest-free financingto your insurance company. Following a major disaster, your small busi-ness will likely be in urgent need of funds. You will, for example, need tosatisfy deductibles for your property insurance. A staged payout of busi-ness interruption claims is not in the interest of your business.
An extension (or corollary) to this lesson concerns waiting periodsapplied to business income losses. Insurance policies commonly imposewaiting periods of one to ten business days or longer to business inter-ruption endorsements. Many business owners often apply their ownexperience as retail insurance policyholders to the needs of their busi-nesses and mistakenly believe that they are comparable. They are not.
Recovery 177
For example, it may be entirely appropriate for you to have a 60- or 90-day waiting period for your personal disability income insurance policy(which dramatically lowers your premium), but it is not appropriate oradvisable to apply a waiting period to your business interruption endorse-ment. When you budget for your personal expenses, you know that youmust have sufficient savings to cover 60 or 90 days of your living expensesshould you become disabled, if you have such waiting periods in yourdisability income policy. But it is more difficult to apply such budgetingmethods to your small business following a disaster, at which time youwill have to finance extraordinary expenses. With the exception of theproperty insurance deductibles, few of these expenses can be forecastwith any degree of certainty.
Small businesses typically suffer their greatest income losses imme-diately after a disaster strikes and slowly recover. A waiting period ex-cludes those losses from coverage. In effect, a waiting period functionsas an unknown deductible. I (Donna) have business interruption insur-ance that covers my small business from the first day of losses, less aquantified deductible. Don’t enter into a business interruption insuranceprogram that specifies a waiting period. Substitute instead a deductiblebased on a fixed amount of capital. With a quantifiable deductible tosatisfy, you know you must set aside a certain amount in reserve funds,but thereafter the business interruption insurance will make whole yoursmall business for any losses.
The other complication that can arise with waiting periods concernscoverage. Consider a disaster that closes streets leading to your business,for example, a hairdressing salon. Assume that you have a waiting periodof seven business days. Within three days the streets are reopened forpedestrian traffic and, in theory, customers can visit your salon. However,as a practical matter, they wait to resume visits to your business until suchtime as all of the construction work on the street is complete. The insur-ance company can credibly argue that you do not have a valid businessinterruption claim because access to the salon was restored before thewaiting period expired. It may take some time before pedestrians resumewalking down the street where they can see that you are open for busi-ness. Business trickles back, but you suffered an uninsured loss. If youdon’t have a waiting period, you won’t have such disputes with your in-surer. Deductibles based on absolute dollar amounts of losses are subjectto fewer interpretations.
Now consider what happens at the other end of the disaster timeline.
178 Contingency Planning and Disaster Recovery
Insurance policies often cover losses only until such time as your busi-ness can reopen. But often, as in the preceding example, losses continueeven after your facility has been restored. Consider obtaining an ex-tended period of indemnity for your business interruption insurance.Revenues are often reduced for an extended period of time following acatastrophe. Observe how many months had passed before passengersrebooked flights after September 11, for example. It may make sense foryour business to have an extended period of indemnity clause for 30, 60,or 90 days for losses that continue to accrue following the date of theoriginal claim. I (Donna) have a friend who owns a corporate travelbusiness based in Virginia. The attack on the Pentagon did not cause anydamage to her premises, but she has learned from the lessons of othersand will elect an extended period of indemnity when her existing policycomes up for renewal.
Before we conclude our discussion of waiting periods for businessinterruption coverage, we would like to add a word about insurancedeductibles. Many small business owners were unpleasantly surprised tolearn that they had multiple deductibles to satisfy for their coverage. Wesuspect that this confusion may be the result of poor communication withtheir insurance brokers. All of the personal finance books you will everread advise you to reduce your premium by electing a higher deductible.Remember, as in the comparison we drew between personal disabilityincome insurance and business interruption insurance, that personalinsurance lines are not entirely comparable with commercial insurancelines. I (Donna) investigated the source of confusion with at least two ofmy friends and determined that they had relied on the cover letter fromthe commercial insurance broker that accompanied their policy docu-ments and were misled as a result. The cover letter had made referenceto one of the deductibles. The cover letter is a social nicety of businesscorrespondence; it is not a synopsis of the provisions of your policy. It isimportant that you read your policy.
Turn to the page of your policy captioned “Common Policy Decla-rations.” This is the document that lists the declarations, forms, andendorsements that comprise your complete policy. It is typically presentedby category, such as interline forms, property form coverages, liabilityform coverages, and umbrella liability coverages. Within each of thesecategories you will find a reference to the coverage that is part of yourpolicy. Let’s examine the property form coverages as our example. Turnto the page of your policy captioned “Property Form Coverages Decla-
Recovery 179
ration.” This is the part of the document that presents in explicit detailthe coverages that were listed under the same heading of your commonpolicy declarations. You may have a separate deductible applied to eachcoverage. For example, my (Donna’s) policy provides for a $1,000 deduct-ible to the personal property of others, which applies only in the eventof theft. If the personal property of my employees were to be destroyedin a fire, for example, the deductible would not apply.
This declaration also states the deductibles that apply to the othercoverages that I have elected to include in my policy, such as businessincome, which states “actual loss sustained” and “no wait period applies.”I have deductibles that apply to each of the other property form cover-ages in the policy, such as signs, valuable papers and records, and so forth.Now turn to the page of your policy captioned “Umbrella Liability Cov-erages.” The document will identify your self-insured retention in the boxmarked “underlying insurance coverage.” It would not be uncommon,for example, that you would have a $1,000 deductible for your propertyinsurance standard form policy, but a $10,000 self-insured retention foryour umbrella policy. The self-insured retention is the amount of lossesyour small business must pay (in other words, losses that your small busi-ness retains for itself) before the umbrella coverage becomes effective.Now review the entire policy with special attention paid to documentsmarked “declarations.”
We ask you to do this so that you understand that you may havemultiple deductibles to satisfy and you may plan your reserve fund ac-cordingly. We suspect that most small business owners would prefer tohave a deductible of $500 to $5,000 to make premiums more affordable.In the case of the more “common” disasters, you may need to satisfy onlya single deductible. In a catastrophe, such as the attacks on the WorldTrade Center or the Pentagon, multiple lines of insurance coverage willbe required to cover your losses. This, in turn, requires your business toassume multiple deductibles. For small business owners who were dev-astated on September 11, the realization that multiple deductibles of$1,000 each aggregated up to $15,000 was painful. We continue to rec-ommend that you elect a higher deductible to reduce your premiums,but we want you to be aware that you may have to satisfy multipledeductibles should a catastrophe (not just a disaster) strike. Build yourcash reserves with that in mind.
The third lesson many small business owners learned with respect tobusiness interruption coverage concerns losses incurred as a result of
180 Contingency Planning and Disaster Recovery
reduced access to your business following a loss or damage to your prop-erty. Consider, for example, the neighborhood restaurants that deliveredlunches to workers in the World Trade Center. The destruction of theWorld Trade Center resulted in a loss of 50,000 customers to those busi-nesses. Contingent business interruption coverage would provide someassistance to those businesses for a period of time, which might be thecushion they need to recover.
Not all insurance lessons related to business interruption cover, butthey were by far the most common. Many small business owners learnedlessons about providing contingency by means of their property insur-ance and will prepare for the future accordingly. The three most com-monly learned lessons (again, this is not a rigorous study) concernedexclusions and limitations in policies, lease-hold insurance, and propertyvaluation methods. Exclusions and limitations are difficult, because theyare common in insurance contracts and you often don’t discover themuntil you sustain a loss and your insurance adjuster points out the fineprint in your policy that excludes the loss from coverage. The only thingyou can do is to read your policy with great care. Ask questions and don’tenter into a contract for insurance until each of your questions has beenanswered to your satisfaction. Determine if you need to supplement yourinsurance coverage, perhaps with an additional endorsement, andwhether you are able to pay the additional premium required for suchcoverage. Do this before a disaster strikes.
In the context of this lesson, we ask you to carefully review your “all-risk” property insurance for those small business owners who elected suchcoverage. Remember that all-risk is a misnomer, and such policies fre-quently exclude from coverage losses from computer equipment, forexample. We can name names of small business owners in our commu-nity who thought that their computer equipment was covered under theirso-called all-risk insurance policies and were disheartened to learn thatit was not. It was particularly disappointing because the most valuablefixed assets of a small business are often its computers and related hard-ware. Few small business owners would knowingly exclude such assetsfrom coverage. You don’t want to be surprised after a disaster to learn,for the first time, that your most valuable assets are excluded from cov-erage. Go back and review your all-risk policy now and purchase addi-tional insurance coverage if you think you need it. We cannot reverse thelosses that small business owners in Lower Manhattan assumed as a con-sequence of these exclusions, but we can at least learn from them.
Recovery 181
Leasehold insurance may protect your business if a disaster forces youto vacate your premises. Leasehold insurance will cover the unexpiredportion of a long-term lease. Imagine that your office building is de-stroyed by fire. Leasehold insurance may pay the remaining rent due onyour lease, so that you will satisfy that obligation. It also covers the dif-ference between your existing rent payments and your future rent pay-ments, should you lose access to your building or office in a disaster. Thiscan be a significant benefit because scarce resources are expensive. If afire, for example, destroys 100,000 rentable square feet of office space,the adjacent properties may become more expensive. We elected toforego this coverage for our businesses because we are very flexiblewith respect to our space requirements. But consider the garment manu-facturing businesses in Chinatown in New York. They require tens ofthousands of square feet of contiguous space and, as a consequence, areless flexible. We would strongly advise them to secure such insurancecoverage.
Finally, property valuation methods were a common source of con-tention following the September 11 disaster. We strongly recommend thatyou insist on property insurance coverage that provides for replacementcost, based on current market prices for your insured assets. We also goone step further in our contingency planning. We annually update ourinventory of business property, plant, and equipment to reflect the mar-ket values of our business assets. This gives us a clearer picture of the valueof the tangible assets of our businesses and facilitates our capital budget-ing exercise. It also gives us the information we need to make betterbusiness investment decisions. For example, I (Donna) have been pay-ing close attention to local and online auctions of business equipmentwith a view to making some good investments given the relative weakprices of technology and capital equipment. Knowing the value of myexisting assets enables me to make better purchasing decisions.
For every “lesson” that we have shared with you, there are many othersmall business owners who are saying to themselves “If only I had known. . .” with respect to some other aspect of their contingency planning. Toaddress these needs through an ongoing dialogue, we have establisheda website where we may exchange information and lessons learned aboutbest practices for disaster recovery. Further information is given at theend of this book regarding our website. Meanwhile, we hope you will taketo heart the lessons small business owners in Lower Manhattan learnedthe hard way.
182 Contingency Planning and Disaster Recovery
Dealing with Emotions
You are likely to experience a range of emotions following a disaster. Ifthe disaster was a minor computer malfunction, you may experienceemotions of anger and frustration. Such trivial mishaps can have seriousconsequences for your business. They drain your energy and distract yourattention from more critical tasks. The more serious forms of disaster,such as earthquakes, hurricanes, or acts of terrorism, can have more long-lasting effects. A natural disaster reminds us that our ability to chart ourown destinies has its limits and we all are, to some extent, at the mercyof fate. Being displaced from your place of business, even if no one hasbeen harmed, is stressful. We all develop our comfortable routines so thatour minds go on “autopilot” for routine, repetitive tasks and we can fo-cus our concentration where it is needed. But when our routines aredisrupted, we need renewed concentration on our new environments andour new working conditions. At the same time, there will be many peoplemaking demands of you during the recovery period. Some of these de-mands will be of a personal nature, such as a spouse who needs yoursupport during a particularly stressful time, or a child who begins toexperience nightmares after the disaster. Many of these demands willrelate to your business: you may have a customer whose needs are inflex-ible or suppliers who didn’t devote the effort to contingency planningthat you did. Recognize that the emotions you are experiencing in therecovery period are normal and to be expected. Indeed, this may be thefirst moment you have had since the disaster struck to catch your breathand take in all that has happened!
We are not medical professionals and so cannot offer medical advice.We are not mental health experts and are not qualified to provide thera-peutic services. We offer something else: practical real-world experienceand understanding and support of what you will be going through in therecovery period. We would like to accomplish two goals in this sectionof the book. First, we would like to share with you some of our personalreactions to the disaster that we experienced, so you will be sensitized tosome of the reactions you might anticipate should you experience amajor disaster. Second, we would like to share with you some of the thingsthat we have learned about recovering from trauma. Even if you are aresilient type (and we both are), this information will help you to appre-ciate the different emotional reactions of those around you. Your ex-tended small business family will need your attention in a different wayfollowing a major disaster.
Recovery 183
Following the disaster that I experienced, my (Donna) dominantfeeling was one of disorientation. The subway stop nearest my home, theRector Street stop, had been badly damaged on September 11 and so wasclosed by the police. The World Trade Center stops were obviously nolonger available and some restoration work had to be done on the sub-ways. Subway lines that had offered express service offered express andlocal service, and there was always some confusion as to which one. SinceI walk to work, I don’t use the subway that often. But when I did, I oftenfound that I exited on the wrong stop or took the wrong line. The con-fusion was compounded by the increased crowding on the subways. Thosewho had taken the subway lines that were closed had to find alternateservice, and so with fewer lines serving the same number of passengers,crowding increased. Walking about could be confusing, too. The twintowers served as a landmark; alerting me as to which direction was southor north and I could no longer rely on them.
Adding to the confusion was an unusual volume of noise and lightat night. The work at the World Trade Center took place 24 hours a day,seven days a week, as was necessary. Our ordinarily sleepy neighborhoodbecame very noisy at night, with trucks removing debris and jackhammersgoing at all hours. Outdoor lighting was brought to street corners pow-ered by mobile generators, to allow crews to work all night. Unfortunately,even with the shades drawn, many apartments in my neighborhood werelit up all night. The noise could be jarring; particularly since it oftenstopped and restarted in what appeared to be a random pattern. Theresidents who had heard the planes crash into the towers were especiallysensitive to loud noises. I remember being awakened at 3:30 one morn-ing by a pair of F-16 planes overhead. As it turns out, the planes were notsupposed to be flying that route at that hour. The pilots presumably didnot appreciate that the residents of Lower Manhattan were probably sleepdeprived and hyper-alert to such sounds.
Of course, the work had to be done and we are all glad that it wasdone so efficiently, but the noise contributed to a sense of disorientation.Instead of waking feeling well rested, I would wake up and feel fatigued.It wasn’t just that the trucks removing debris would interrupt your sleep;it was that they would remind you of the event that required their pres-ence: the terrible tragedy and the deaths of so many innocent people.The same association was made with the odors that emanated from thesite, at least in the first few months after the disaster. I remember exit-ing the Wall Street subway station to a strong odor of smoke and thewoman next to me asked “Do you think we will ever get used to this?”
184 Contingency Planning and Disaster Recovery
The disoriented feelings worsened whenever I went to midtownManhattan, which was completely unaffected by the disaster. It is the mostbizarre experience to leave a disaster area, enter a subway, and exit thesubway to see people carrying on as if nothing had happened. At the sametime, I found I was less tolerant of behaviors I would have ordinarilyoverlooked. I remember being in the office during a telephone conver-sation with a marketing person in Florida. She said something to theeffect of “I have never been to New York, but I guess you guys are justwaiting for the other shoe to drop.” At the time she made that commentthere were ongoing warnings and rumors about further terrorist action.After the attacks, there were pranksters phoning in bomb threats to high-rise buildings. Apart from the inconvenience of unnecessary evacuations,and an abuse of the police and fire personnel who had better things todo than respond to pranks, it raised the overall level of anxiety in the City.Innocent and routine occurrences, like the subway stopping betweenstations with no explanation given, became anxiety-provoking events thatled to speculation (“Maybe there is a fire at the next subway stop”). Inthe best of circumstances, this woman’s remark would have been taste-less, but in this context, I found it offensive. Under normal circumstances,I would overlook such rude remarks, but this time I called an abrupt endto the conversation. Occasionally, these feelings were punctuated withguilt, as indeed, I realized that I was lucky to be alive and aggravated.
I (Donna) share this with you because you may have the same emo-tional response to a disaster. If the road that you ordinarily take to workhas been flooded, you will have to choose another route, and you mayget disoriented from time to time during your new commute. If yourcommunity has suffered an earthquake or a hurricane, a great deal ofwork will be done to restore it. That will take time and delay the returnto normalcy. Your children may be re-routed to a different school untiltheir school has been restored after the disaster. The disruption of theirlives will have consequences for yours.
Recognize that these reactions are not unusual following a traumaticevent, such as a major disaster. You will likely have “normal” reactions tosuch an abnormal event. These reactions may include:
• Physical reactions■■ Fatigue■■ Nervous energy■■ Changes in appetite■■ Sleep disturbances, including insomnia and nightmares
Recovery 185
■■ Lack of physical coordination■■ Nausea■■ Chest pains/heart palpitations, changes in blood pressure■■ Chills, sweating
• Emotional reactions■■ Shock, numbness■■ Feelings of helplessness■■ Fear■■ Depression■■ Anger■■ Anxiety■■ Feeling unappreciated■■ Feeling isolated■■ Guilt■■ Irritability
• Mental reactions■■ Intrusive thoughts about the event■■ Flashbacks (to reexperience the event)■■ Confusion■■ Memory difficulties■■ Difficulty making decisions■■ Diminished attention■■ Difficulty concentrating■■ Avoidance of people, places, and activities■■ Tendency to engage in workaholism■■ Absenteeism
• Behavioral reactions■■ Withdrawal■■ Hyper-alertness■■ Suspicion, aggression■■ Pacing, fidgeting■■ Increased consumption of alcohol or cigarettes
The reactions will run the gamut from numbness and indifferenceto hyper-alertness. The following steps may alleviate the symptoms:
• Follow your “normal” routine■■ Maintain a normal schedule, with respect to sleep and work
hours.■■ Engage in regular exercise.
186 Contingency Planning and Disaster Recovery
■■ Don’t increase your consumption of alcohol or cigarettes.■■ Don’t change your dietary habits.
• Stay in touch with friends and loved ones.• Get adequate, or additional, rest.• Practice being in the present moment. Remind yourself that the
disaster is in the past and you are in the present.• Discuss your feelings with others and, if necessary, seek counsel-
ing if you need additional support coping.
Be alert to any difficulties your employees are experiencing. It is agood idea to be pro-active about getting help, even if just to confirm toyour employees that the reactions they are having (or may have in thefuture) are normal. Does your company’s health insurance plan providefor counseling benefits? If so, discuss this option with your employees.If the disaster that struck your community was a major one, the Red Crossmay have resources available to you, to assist in counseling and dealingwith the after-effects of the disaster. Check with your local departmentof public health or community hospital to see what other resources areavailable.
We strongly recommend inviting a counselor to spend an hour or sowith you and your employees as a group to discuss the reactions to a trau-matic event. An informative briefing can sensitize your employees to thereactions that they may experience and offer them assurance that suchreactions are not uncommon following a disaster. At the same time, suchinstruction can alert your employees to the likely emotional reactions thattheir colleagues may experience following the disaster. With understand-ing comes tolerance. The session should end with instructions on howto get follow-up, one-on-one counseling. Don’t pass on the opportunityto invite a counselor to visit your workplace, even if everyone seems tobe coping. You don’t know what nightmares people may be having whenthey go home at night. We encourage you to be pro-active in addressingthese issues.
We would like to give you four recommendations on dealing withthese emotional reactions. Again, we cannot offer you professional ad-vice in these matters, but we can speak from our own experience. Thefirst recommendation is to attend a formal event commemorating whathappened and grieving your loss, if possible. Attendance at such an eventmay “validate” in your mind that yes, the disaster really did happen (ex-traordinary events can have a surreal aspect to them). It may also afford
Recovery 187
a cathartic release of emotion in an appropriate setting. All cultures haverituals; we have rituals for celebrating birthdays, anniversaries, deaths,national holidays, religious observances, and so forth. Rituals can struc-ture a shared experience and may be helpful to you in acknowledgingwhat has happened, grieving the loss and moving on.
I (Donna) attended the memorial mass for Firefighter James Coyleon October 24, 2001. Mayor Giuliani had asked New Yorkers to attendthe services for the police officers and firefighters who lost their lives onSeptember 11, 2001. When a firefighter or police officer dies in the lineof duty, the City ensures that the loss is properly acknowledged. However,given the number of those who died on that date and the need for on-going work at the World Trade Center, the City wanted to supplementthe ranks of firefighters who could attend memorial services. I didn’tknow Firefighter Coyle—I read the schedule of memorial masses on theNew York Fire Department’s website. And yet I found myself crying inchurch for the loss of a total stranger. One of the most powerful memo-ries I have of the memorial service was seeing the firefighters from Chi-cago, Las Vegas, Baton Rouge, and elsewhere. Their uniforms identifiedtheir origin. Many of them came in buses to New York City to supportthe family of Firefighter Coyle and the New York City Fire Department.
I keep the program for the memorial mass on my desk and when-ever I feel discouraged, I pick it up. The commitment and sense of pur-pose Mayor Giuliani (who spoke at the Mass) and the firefighters dis-played at that Mass is something I will never forget. When I saw thefirefighters who had come from as far away as Louisiana and Nevada, Iremember thinking to myself that no terrorist group could ever defeatthis power.
We hope that the disaster from which your business is recovering didnot result in any loss of human life. You may still find participation in astructured ceremony to be helpful. Perhaps your church or synagogueis having a service to pray for the community. There may be events suchas symbolic lightings of candles, or ceremonies to celebrate the reopen-ing of key public places. Participation in such an event may help you toacknowledge what has happened, away from the grueling schedule ofreadying your backup computer systems. It provides a forum for you tocome together with others and to share your commitment. I (Stefan) cantell you that during the last two weeks of September 2001, people regu-larly assembled outside my apartment building on the shore of theHudson River at 9 p.m. every evening to sing hymns, light candles, or just
188 Contingency Planning and Disaster Recovery
to be silent together. For the participants, this was an important way toshare their experience; for Donna, it was attending a memorial mass forsomeone she had not met.
Our second recommendation is that you provide your employees(and your suppliers and customers, if possible) with some written com-memoration of the disaster as a way of acknowledging their experience.Following the September 11 attacks, the Baptist Church distributed inour community (Donna) a book titled A Passage Through Grief, by BarbaraBaumgardner.4 The author writes of how her life has been shaped by loss:the loss of her husband, her father, her 17-year-old granddaughter. Shespeaks frequently at hospice workshops and leads grief recovery groups.The book does not speak to any particular religious denomination; it isan interactive journal that guides the reader through a series of exercisesto help them cope with their experience. The Baptist Church was kindenough to give me extra copies and I distributed them to people withwhom I work. It is a way of letting the people in your business life knowthat you care about them and that they are in your thoughts during thisdifficult time. You won’t likely engage in mutual disclosures of highlypersonal information with your business contacts and you may neverknow the pain that the others experience. This is one way of being sen-sitive to the experiences of others without being intrusive. There areother books that treat the same topic in different ways; select the one thatis suitable for you.
Our third piece of advice is that you listen to others who want toshare. One of the common reactions that surprised us was the needpeople had to tell their stories. The experience was like the reverse ofthe poem by Samuel Taylor Coleridge, The Rime of the Ancient Mariner.5
Instead of being obliged by the gods to tell our stories to everyone whomwe meet (the fate suffered by the ancient mariner), we were obliged tolisten to the stories of everyone whom we met. People really need to talkabout it—where they were when it happened, what could have happenedand thank God it didn’t, what were the consequences to them of whathappened, what happened to other people. You can be dashing out thedoor for a meeting and the mail carrier will stop you and tell you his storyand you have to listen. People really do need to talk and feel better afterhaving done so—even those with whom you are only casually acquainted.We have learned to allow people to get the relief they need; if our listen-ing helps them, we are glad.
Finally, be aware that the most severe emotional reactions may oc-
Recovery 189
cur months after the disaster, when you are supposed to have “moved on”.The Wall Street Journal headline6 summarized the phenomenon: “SixMonths After Sept. 11, Therapists Brace for a Second Wave of Trauma.”The article reports that:
[Text not available in this electronic edition.]
190 Contingency Planning and Disaster Recovery
Informal inquiry among our friends who have survived major trau-mas such as earthquakes suggests that a delayed emotional response toa traumatic event is not unusual. Be aware that emotional responses tothe disaster can be delayed. Be sensitive to both your own well-being andthat of your employees. And please, please seek help if you need it. If youexperience symptoms such as chest pains or sleeplessness or other un-usual reactions following the disaster, help is available. You won’t be ableto look after your employees and your family if you are run down. Getthe support you need.
NOTES
1. When recovering from a disaster such as a fire, there are companies thatspecialize in providing property restoration services. It is important thatyou do not attempt the cleanup yourself or with the use of untrainedpersonnel. In a well-intentioned attempt to remove soot and ash, youmay cause the particles to become airborne and so possibly cause morerespiratory problems for those who work in the area. This is a job thatyou must leave to professionals. Your insurance carrier can recommenda qualified restoration service in your area.
2. As you recover from a major disaster, you will likely not have a fullcomplement of staff. Some of your employees may be unable to returnto work immediately following the disaster. Remember to anticipate thatsome of your employees may be military reservists who will be called toactive duty in certain types of disasters. Other employees may be forcedto work from home if their commute to the alternate location is impairedor if they have to attend to family needs.
3. Cited in Crain’s New York Business, January 28–February 3, 2002.4. Broadman & Holman Publishers, 95 pp., 1997.5. Dover Publications, 76 pp., 1970.6. March 5, 2002.
191
CHAPTER 4
Sample IT Solutions
In this chapter we present specific examples of systems configurationsfor small businesses of different sizes. You can adapt these configurationsto suit your own needs. If you have already invested in an existing ITconfiguration, you may choose to modify it to include some of the sug-gestions presented here. These examples should serve to end the mis-conceptions that contingency planning is a function limited to largecorporations or that it is a highly specialized practice requiring expen-sive consultants and a generous IT budget. As these examples show, witha modest investment you can have a system configured for your smallbusiness with built-in contingency.
Contingency planning for small businesses is not difficult, but it isdecidedly different from the process of contingency planning for largeorganizations. Importing to small businesses concepts developed for largecorporations rarely succeeds. The poor track record of downscaling con-tingency plans developed for large corporations for implementation bysmall businesses may explain the misconceptions regarding the cost andexpertise that contingency planning requires. As the American Red Crosshas found, disaster mitigation efforts can be effective for small businesses,even with their more limited resources. Exercise good judgment andapply the basic precautions that we have shared with you in this book toeffectively protect your business.
Too often we have seen small business owners who invested mean-ingful resources in business contingency services or products that ap-peared to be a good choice for adequate protection. They are frequently
192 Contingency Planning and Disaster Recovery
disappointed with the implementation of these solutions. The protectionafforded by these contingency solutions is often too narrow in scope tobe of any use and addresses only a narrow range of disaster scenarios.The “minor” disasters continue to occur even after an IT solution cost-ing $20,000 to $50,000 has been put in place. Unfortunately, it is theseso-called minor disasters that strike small businesses with the greatestfrequency and can cause significant cumulative losses. Do not be per-suaded by the colorful marketing brochures and impressive brand nameswith tantalizing promises of corporate-caliber disaster protection. Youneed to establish a good balance for your business between your particu-lar needs and the scale and cost of your solution.
Of course, each small business has unique requirements for IT solu-tions. Even so, many businesses share the same needs for disaster recov-ery. The required infrastructure is dependent on the actual size of thebusiness. Therefore, we distinguish between the following three catego-ries by business size:
Small business or home office: fewer then 8 computersMedium business program: between 8 and 20 computersLarger business program: more than 20 but less than 50 computers
You probably have a good idea of what level of contingency you wouldneed for your IT solution. For each business size category, we distinguishbetween two strategies:
• Basic contingency. This strategy is geared toward the most com-mon disaster scenarios, such as human error, equipment failure,and third-party failures. This solution provides adequate, cost-ef-fective protection for most small businesses.
• Robust contingency. This strategy provides more extensive cover-age for the first three scenario types—human error, equipmentfailure, and third-party failures—and offers some reasonable pro-tection against environmental hazards, fire, natural disasters, ter-rorism, and sabotage. This is the choice for small- to mid-sizebusinesses that are concerned about these additional risks or sim-ply want the additional contingency for peace of mind. You knowyour unique level of risk tolerance and the resource constraintsof your small business. Those factors will determine whether you
Sample IT Solutions 193
elect to implement a basic contingency solution or a more robustplan.
No solution can offer 100% protection, especially in the case of in-ternal sabotage. However, the robust setup provides significant protec-tion against disasters that require an independent “shadow” operationexternal to the main worksite. This setup can be leveraged when com-bined with an alternate site for your business that can also be used inordinary working conditions, such as a sales office or training room.
Of course, adding contingency to your IT infrastructure incurs costs.If we assume that all computers are used for standard office tasks, likeword processing, spreadsheets, presentations, simple databases, and soforth, we arrive at the following cost estimates for additional IT equip-ment needed (exclusive of labor costs):
• Small business or home office program■■ Basic contingency: equipment $5,000; replacements and up-
grades $1,000 annually■■ Robust contingency: equipment $10,000; replacements and
upgrades $5,000 annually• Medium business program
■■ Basic contingency: equipment $20,000; replacements and up-grades $3,000 annually
■■ Robust contingency: equipment 30,000; replacements and up-grades $10,000 annually
• Larger business program■■ Basic contingency: equipment $40,000; replacements and up-
grades $5,000 annually■■ Robust contingency: equipment $60,000; replacements and
upgrades $15,000 annually
Note that the costs for specific businesses, like a software develop-ment company, can significantly exceed these estimates due to theirparticular uses of computer equipment.
We exclude labor costs from the expense estimates simply becausethey will vary depending on whether you have knowledgeable IT staff in-house who can be trained to implement contingency solutions or if youhave to contract the skill set into your company when needed. Businesses
194 Contingency Planning and Disaster Recovery
such as restaurants or medical practices most likely rely on external con-tractors for their IT needs. Businesses that are intensive producers ofdocuments, such as legal practices, often have basic IT expertise in-house.If you rely on outside contractors, the consulting costs will not be drivenby the original setup costs, but by the subsequent training effort that isneeded for your company.
Small companies often ask if they should outsource their IT servicessimply because they are “too small.” Size does not matter here. Do notautomatically assume that a small company should outsource its IT ser-vices, while a larger one should have its own dedicated IT group. It re-ally depends on the nature of your business and if IT is a core part of it.For example, a small website design agency will have a direct need for atleast combined skill sets from people setting up websites who takecare of your IT environment at the same time. A larger building man-agement company that consists of real estate agents and building admin-istration staff would likely hire a system administrator as needed. Yourbusiness product, not your company size, will influence the outsourcingdecision.
HOME OR SMALL OFFICE PROGRAM
You work on your own, or occasionally with a small team that supportsyour business. Although you use your computers quite often, you are a“light” user, meaning you do not produce large volumes of new data. Butyou are concerned about your data safety and prefer additional contin-gency while you limit your IT budget. You need a solution that is easy toadapt to your current infrastructure.
Since you are sensitive to costs, we recommend that you regularlycompare your equipment with the systems specifically offered for smallbusinesses. Be certain that you maintain at least the minimum recom-mended requirements for the current operating system. Over the pastcouple of years, there has been a steady increase in processor speed, harddisk sizes, and RAM. Make certain that your system keeps pace, withinreason, to the currently available standard systems. The modest invest-ment required to keep your system memory within the range of currentstandards is well worth it, considering the costs of having insufficientmemory capacity.
Sample IT Solutions 195
Basic
You must choose between a backup method that uses two hard disks inthe same computer and the network solution in which a file server willhold a copy of your local data. We recommend the network solutionbecause it is scalable as your business grows. The price of online storagespace has dropped significantly, although there is still a wide range ofservices offered at different costs. It pays to compare and select wisely.
We recommend that you purchase a high-speed network card foreach PC and connect your PCs to the network using a simple networkswitch or hub. We advise against installing modem cards to individual PCsfor external dial-up access capabilities. If you connect to the Internet viaanalog modem, use a network router with a built-in modem so that yourbusiness can log ingoing and outgoing data traffic of all employees onthe network.
We further recommend that you have at least two printers and twotelephones, one analog and a second cellular phone, for additional con-tingency.
Human Errors
On occasion you will mistakenly delete an important file. Even the small-est businesses need to have rules and procedures in place for naming andstoring important files, so that older versions of the files can be recov-ered at any time. Consider a good version control system.
Equipment Failures
To protect against equipment failure, make certain that each computer’sset of data is copied, by the use of file synchronization or disk-to-diskbackup tools, to the hard drive of another computer. This can be doneat night or on demand during the day. This backup computer can be anymachine in your network with sufficient storage capacity; thus, your dataare duplicated on whatever machine is available to hold the additionalfiles, or you can create a centralized solution where you store backup dataof all PCs on that single unit. Of course, you could also use an online
196 Contingency Planning and Disaster Recovery
storage system, if your Internet connection supports the volume of datayou must transfer within a reasonable interval of time.
A local centralized solution would create major problems if thatbackup system itself fails. Even so, you may prefer a centralized solutionbecause of concerns about data security and so maintain data storage ina single office that is locked at the end of the business day. Protect yourbackup system against power failure with an uninterruptible power sup-ply (UPS) unit that is connected to that centralized PC.
Third-Party Failures
The most likely source of third-party failures for a home or small busi-ness office would be the Internet connection. You should have two alter-nate means of connecting to the Internet, irrespective of whether youuse an analog modem or a faster connection method. For analog mo-dem or faster access methods, you want to have two connecting pointsand two modems, such as two analog modems, or one analog modem anda cable modem, or any combination with another access method. Youshould also subscribe to two ISPs. You do not need to pay for two ISPsbecause you need one main and one backup service. You can choose afree provider that you use only when your main ISP fails, unless, of course,you want to leverage two continuously running ISPs for faster Internetaccess for everyone. So if the connection to ISP #1 fails, you will continueto have access to ISP #2 until the first connection is up and running again.We cannot stress enough that your main e-mail should neither be withISP #1 nor with ISP #2. It should be independent of your service provid-ers held by a third party. You can, however, use an ISP e-mail as a backupmethod if your third-party e-mail itself fails.
Robust
If you are particularly concerned about additional contingency, imple-ment the robust solution in addition to the basic solution. Thereare many reasons why you may require additional contingency measures.Perhaps you need additional contingency because your office is locatedin a flood zone or your children like to play video games on your
Sample IT Solutions 197
office computer and they always manage to get the latest virus into yoursystem. You need an arrangement that allows you to evacuate your officeon short notice and to have your data securely stored and accessible toyou.
In the event of an actual disaster, knowledgeable IT staff will be ascarce resource for weeks to come. You need to ensure that everyone inyour company can work with and recover data from the backup media.For most small businesses, tape solutions are too complicated to use, andmost likely not necessary considering the amount of data to be stored ina daily backup. You can easily use CDs or DVDs to hold your data andstore them in a bank safe. Assuming a CD or a compatible DVD readeris available off-site, you can restore your system yourself using these disks,instead of having to rely on someone with technical skills.
For the robust solution, you will need fast Internet access at yourprimary office and at your secondary secure location. Typically, for mostowner-managed businesses, you would have one computer at work andone computer at home, so they can back up each other in the event oneof them fails or becomes inaccessible. This solution leverages contingencywith the advantage of having access to all files at work in your home of-fice and vice versa. If you like to keep your business data separate fromyour home computer, you can purchase space on a large Internet onlinestorage service provider and send your backups to that space. This canbe a secure way of storing data; you need to determine if this is cost-effective, given your particular circumstances. Simple solutions often dowonders. For example, you could use the remaining space on your web-hosting site for backup storage, and make your backup data availablethrough a password-protected hidden area on your website. Given thelow prices for website space, this could be an inexpensive alternative.Indeed, your business has likely already paid for website space; now youcan leverage that investment.
You need access to two printers; one of them should be a personalor small business laser printer for added reliability. You should have atleast two phones, preferably through two different phone service provid-ers, such as a classical analog phone and your cellular phone. Use yourcellular phone as your primary company telephone that forwards callsto your analog office phone number when you are in the office; whenyou leave the office, turn on the cellular phone to answer incoming callsdirectly.
198 Contingency Planning and Disaster Recovery
Environmental Hazards
You want to shut down all nonessential equipment and maybe leave onemachine on, to which you could connect from home to perform abackup. It is important that you password-protect this machine becauseyou will not know who may enter your office during the hazardous con-dition alert.
You can expect that your equipment on-site will continue to functionand you simply relocate to your alternate office site. If you have the time,such as a warning asking you to leave the building, start a backup to makesure that everything has been transferred to your alternate site, and thenshut down the system.
Fires and Other Disasters
For the robust solution, we anticipate severe damage to the IT equip-ment, and if you have advance warning (e.g., flood conditions), yourbusiness is of a size that you might want to consider moving all IT equip-ment with you to a secure location. Otherwise, run a backup job to syn-chronize all files with an off-site backup system and then shut down allcomputers at your location.
Terrorism and Sabotage
Terrorists and saboteurs select targets with the goal of inflicting maximumdamage. They will use any method and any information, including in-ternal business information, that they can obtain. Protect yourself byoutsourcing some essential services, such as e-mail, to a third-party ser-vice provider. You also want to occasionally have backups on removablemedia that you can store at a secure location that is not accessible to thepeople ordinarily responsible for backups. Choose a medium with whichyou are familiar and that can be easily used by anyone who needs it.Probably you prefer using CDs because they can be read on any PC. Makecertain that the CDs contain actual files and not one big file that is theoutput of backup software that first must be installed on the PC beforeyou can read the data.
Sample IT Solutions 199
MEDIUM BUSINESS PROGRAM
Your business has been successful and it has outgrown a single work groupsolution. You need to assign your staff to two or three different functionaldepartments. Your IT setup also has become more complex. It is nolonger possible to pay attention to the computer operations of individualusers. In fact, computer usage varies a great deal. Some employees maybe heavy users, producing large volumes of new data, and others occa-sionally do research on the Internet. Your network traffic has increased.From time to time, you experience network congestion. You find that youneed to organize your network in segments to better distribute the load.
Although you are a conservative investor in IT equipment, you real-ize that you have become dependent on the proper configuration andoperation of that equipment. You need access to vital data at any time.You are therefore willing to invest a little more, assuming, of course, thatyou see direct and immediate benefits from such investments.
Minimal
In a medium-sized business, some people continue to work in smallteams; others do more specialized work and manage their own data sets.For example, your salespeople are often on the road and their laptopsbecome necessary for presentations as well as records of client data andsales information. You want to make certain that these data are secure,meaning that they are safe from access by third parties if a laptop is lostor stolen. You should introduce some physical security such as steel cablesfor your equipment because you have reached a size where you havevisitors to your office.
I (Donna) formerly worked with a client who had an unscheduleddelivery pickup at 5:30 on a particular Friday afternoon. The few employ-ees remaining in the office were eager to finish their tasks and leave forthe weekend, so they paid him scant attention. The next Monday morn-ing, we learned that five laptops had been taken. A security tape showedthe delivery man leaving the office with the laptops. When a managercalled the delivery service for which this man supposedly worked, shelearned that the man was an imposter with a borrowed uniform. Thedelivery service did not have a scheduled pickup for that office at any time
200 Contingency Planning and Disaster Recovery
on that particular Friday. You cannot imagine the inconvenience to thefive employees who were temporarily without laptops. Even worse, a sto-len laptop is like an open door into your company because it containssettings such as how to reach the office via virtual private network (VPN)connection. Minimal precautions could have prevented this theft and theattendant loss of files.
Your office generates information stored in thousands of data files.These files must be maintained, and the documents developed on theroad must be merged with documentation developed in-house. You needto safely store all documents and to ensure the fast retrieval of informa-tion, even files that had been created years ago. We are often amazed howsome people seem to be able to memorize over many years thousandsof file names that are truly cryptic, often building their own mnemonicdevices; however, they are the exception to the rule. Can your businesspartners and employees understand your mnemonic system? This is prob-ably not the case unless you have standardized the system and trainedpeople to use it.
Your access to the Internet is probably one of the critical third-partyservices that is functional most of the time. Analog modem service is nolonger an option; you have to be concerned about data security and youwant to log ingoing and outgoing data. You will need a faster connection,for example, a DSL or cable modem connection. Maintain one analogmodem connection and a subscription to an ISP that provides your staffwith dial-up access while they are traveling, but can also be used for youroffice as a backup if the primary Internet connection fails. You can con-nect to that ISP and publish the connection in your internal network.
Often small businesses operate an internal file server that runs manynetwork services that are generally better hosted by a large computercenter. Originally, the file server had been purchased for features likecentral user management, but since it has been available, its use hascontinuously extended to provide e-mail services, web services, networkservices, and so forth. In short, it has become a component that concen-trates many functions, and a server defect would stop the whole officefrom working. It is a nightmare with regard to contingency planning, butit is still common practice at many offices. You need to minimize theconcentrated functionality in that machine. You may satisfy your require-ments much better with several smaller and simpler solutions. In any case,
Sample IT Solutions 201
your essential services should be outsourced to a computer center thatcan better satisfy your needs. (We assume that hosting mail, file, and webservers is not your primary business.)
Human Errors
When your company was smaller you communicated orally withyour team members about how to store files. You would always be avail-able to answer questions regarding the location of a file. As your busi-ness has grown, data management has become more challenging and hasassumed a greater priority. Compliance with proper file-naming proce-dures can become sloppy when businesses become less vigilant. You prob-ably have made a few naming errors with your own files. Look at adirectory that you created five years ago. Does the file-naming procedurestill make sense to you? If so, congratulations, you found a good schemethat works for you, but in most cases, this exercise demonstrates howdifficult good data management can be even for a single person overtime. Imagine a small team of people working on a set of documentsand that in five years’ time another team must to go back and revisethose documents. This can be a daunting task, especially if thosedocuments have thousands of embedded external links to other docu-ments.
No single person can assume responsibility for data management ina small business. Everyone must share this task. User education togetherwith a carefully crafted data storage framework makes all the differenceto your business success. Specify which data will be saved during a backupand which will not be saved. For example, it is much easier in user train-ing to explain that only data stored in particular locations, such as sepa-rate (logical) disk drives, are included in the backups. Now the userknows where to put important data. The location where the system storesuser settings and other such information should be directed to that userdata drive. Some manufacturers advertise that this process could beperformed only during the installation of an operating system, but in factthere are small utility programs that redirect user data into a specificstorage area. Remember, you are not the only person facing this prob-lem, and solutions are available.
202 Contingency Planning and Disaster Recovery
Equipment Failures
If you assume that the average time before failure of the hardware onthe typical PC is about four years, and you have 12 PCs in your organiza-tion, you can expect, on average, three hardware failures per year. If youdo not live next to the computer store, we recommend that you have atleast one spare up-to-date PC to immediately replace a defective PC. Youneed to make regular backups of each PC’s system partition to keep trackof all user settings, system updates, and special software that have beeninstalled for a particular usage of the system.
We often see installations where users store their data directly on fileservers or specific network storage devices that are commonly referredto as network drives. This installation is effective only if you have a sec-ond storage location where you can back up the data on those devices,and if those installations will be accepted by users. This installation iseffective as long as computer usage is “light,” meaning that the storedfiles are small and you don’t anticipate having to alter or search for largeamounts of data. If that is not the case, users will quickly determine thataccessing those drives over the network is not as fast as working directlyfrom their local disks. Consequently, they start to use their local disks forwork in progress and promise to regularly copy that data to the networkdrive, but after a while, they forget their own intentions. When the localhard disk crashes, they need all their important data back, which incursan extraordinary amount of cost and stress on the available IT resourcesof a small business. Therefore, if users work with large data files, andspeed differences between network drives and direct local drives are sig-nificant, we usually discourage small businesses from using network stor-age and from relying on users to make their own backups to these de-vices. Instead, you may implement a file server as a data collector, whichmeans that this machine will collect all user data from local PC drivesautomatically overnight or at the request of the user. For the data col-lection, you can use disk-to-disk backup software, or even better, simplefile synchronization tools that transfer only files that actually have beenmodified, and otherwise maintain exactly the same file structure on thebackup server as on the local PC. As long as you install sufficient harddisk capacity on that backup server to hold all the system partitions, youcan have an effective and simple solution to your backup needs.
With a centralized solution come additional risks, such as the failureof the backup server itself. Most small businesses can tolerate a couple
Sample IT Solutions 203
of days of downtime on the backup server machine, but many otherscannot. You need to have a second backup machine that you can quicklydeploy.
However, we always recommend that you use a UPS unit that lasts forabout 10 minutes and provides an automatic shutdown mechanism whenthe power interruption nearly drains the battery.
Third-Party Failures
You rely on your fast Internet connection to have essential services likee-mail available at any time. You discover, however, that the services thatwere advertised to be available 24/7 can have their occasional downtime,micro outages, or simply network congestion caused by overused band-widths or high latency with slow response times. You must have a secondISP as a backup solution. The suggestions for the home office and smallbusiness program regarding e-mail and web services also apply to themedium-sized business. You need add only one fast ISP connection, or asecond connection, either a fast one through a different provider, or ashared analog modem or ISDN connection.
You have probably purchased a telephone system and are now ableto make direct-dial internal calls. But phone systems also fail, althoughtheir reliability is generally much higher than that of a PC. If the phonesystem fails, you still want to have at least two traditional analog phonelines. You probably need them for your fax machines anyway, and ifnecessary, you can connect a regular phone to make calls.
Robust
You are concerned about reliability and additional contingency for yourmedium-sized business. Perhaps you live in a disaster-prone area. But youdon’t need high-availability setups, which more properly belong to a datacenter. You probably have few employees who are IT experts, and theoccasional case of equipment failure should not require you to summonan IT consultant because operations have been interrupted.
You need to be able to leave your office at any time without sacrific-ing your business operations, irrespective of whether or not a disaster hasstruck. For example, if all of your staff is away from the office, you can
204 Contingency Planning and Disaster Recovery
use a robust setup because it will provide you with remote operationcapabilities.
Having a setup that is resistant to the failure of a single hard disk isachieved by equipping each PC with two hard disk drives that are mir-rored using a low-cost RAID (redundant array of inexpensive disks) card.It is a solution that will give you immediate peace of mind against a diskcrash. You need to be aware, however, that it will not protect against usererror. If you delete a file by mistake, it is deleted on both disks. If youare concerned about user error in the first instance, you should go for adual-disk setup where the files from one disk are duplicated on the othervia a file synchronization tool, and old copies can be kept until they areexplicitly deleted.
You also want to double up on your network equipment. Buy twonetwork cards for each PC, two network switches, two routers, and so on.In the overall scheme of IT equipment cost, this is a small budget item,especially when you consider that you have to keep the additional equip-ment in your spare parts inventory. With this method, you build tworesilient networks within your company that should be connected to twodifferent ISPs. Configure your network such that a failure on one net-work causes your IT equipment to automatically use the alternate routes.
Again, you need a remote site with faster network access where youcan move your data overnight, preferably through a direct connectionover the Internet through a secured 128-bit encrypted VPN tunnel. Youcan subscribe to a data center that offers this remote storage solution,or you can simply store it on a file server at your home, assuming, ofcourse, that all data are encrypted and that employees have been advisedthat no personal information should be stored on the company’s com-puters.
Your preparation and response to the various severe disasters thatwould destroy your office site is the same as for the smaller business, butyou need to organize regular emergency drills and establish some ruleson the appropriate response to each type of disaster.
LARGER OFFICE PROGRAM
With about 20 employees using PCs, particularly if you have some intenseusers of computing power in your company, you have reached a size
Sample IT Solutions 205
where it probably makes sense to have at least one (junior) IT personon board to deal with the daily glitches and ongoing system and softwareupgrades. This changes the picture for contingency planning somewhatbecause now you can rely on that person to ensure that the daily opera-tional tasks are performed and that the data backups are tested regularlywith satisfactory results.
However, having an IT person inside the company is not necessarilya guarantee for higher contingency and smooth operations. We see toooften that knowledgeable staff tend to implement in-house services thatfor a growing, but still relatively small company, should be hosted at acomputer center. Services like e-mail and web hosting are best maintainedexternal to the company for contingency reasons. It is acceptable to havebackup servers in-house or preferably at a second data center, but youdo not want the primary service in-house because this creates additionalcontingency risks. Of course, many arguments can be made for why aparticular service should be hosted in-house, such as security concernsor cost savings. These arguments overlook the benefits that come withprofessionally hosted and maintained solutions, often at low cost.
A larger business requires stronger security measures, such as pre-cautions against theft of equipment. We have seen cases where the theftof one computer resulted in a loss of data. It is truly a disaster. Manyvendors offer solutions designed to protect your equipment. One solu-tion has your laptop communicate with a host on the Internet to iden-tify the location where the computer is being used. If that location is notwithin your company, the computer would refuse access to any datastored on it. Unfortunately, this is a weak form of protection, as a rela-tive novice could detect such software and hack the system, thereby de-feating the solution. We believe that the best protection you can have isto lock laptops that are not in use and to secure equipment with solidanti-theft devices, like steel cables or alarm systems. Be sure to establishcompany policies with respect to computer usage and access permissions.
Larger businesses require more formal, administrative approachesto disaster recovery planning. A company with more than 20 employeescannot effectively administer desktop computers one at a time. You needstandardized installation packages and homogeneous hardware, to theextent possible, which allows system administrators to upgrade wholegroups of PCs at once over the network. This size of company requiresconsistent guidelines and company policies with respect to network ac-
206 Contingency Planning and Disaster Recovery
cess permissions and other systems procedures. If your IT infrastructureis truly scalable to increased computing needs, it will afford faster growthfor your company.
Minimal
Once you have set up your computer system according to the guidelinesfor small and medium-sized businesses, the challenge with a larger instal-lation is to keep the system consistent and to protect it from unneces-sary interruptions. For example, you should not allow visitors to plug theirlaptops into the company’s network. Many well-intentioned people areunaware of the damage that they can cause. We have seen external con-sultants plugging in their laptops to have Internet access, not realizingthat they were publishing sensitive information about their companiesthrough a shared file system with full access to everyone.
User and computer administration is a priority. Administer all userand computer permissions by creating appropriate accounts and man-aging the whole network through an administrative server. You will alsodefine distinct groups, such as the accounting department and identifymembers who belong to each group, so that, for example, all other us-ers will have limited, if any, access to the data of the accounting group.
Your network must be built carefully. You will describe it by topologyand system architecture, because you will need sub-networks, and youmay face network congestion at critical points. You need to monitoryour network and all the systems connected to it, and implement flex-ible mechanisms, such as alternate routes for the network to balance itsload.
Human Errors
With this standard PC infrastructure, you can organize user training inregularly scheduled seminars to introduce new employees and to updateexisting staff. This configuration does not reduce your training needs; itsimply requires that user training be delivered in a different manner. Thesuggested configuration for backups in stage one as presented in the lastsection would also be appropriate for a company of this size.
Sample IT Solutions 207
Equipment Failures
Having more PCs means having more system crashes, either related tosoftware or to hardware issues. Fixing problems becomes a matter ofprioritizing needs to be handled by tracking systems that determine inwhich order IT equipment is to be repaired. Having a largely standard-ized environment means that more spare parts and whole systems areheld in stock within the company so that a defective system can be im-mediately replaced.
The backup requirements for stage two remain the same as for themedium-sized business program.
Third-Party Failures
A T1 data line is preferable for Internet access. If this solution is tooexpensive, consider bundling lower bandwidth solutions. You might wantto consider at least one similar connection from a different provider forcontingency, such as a DSL backup connection, which you use innondisaster situations to route all nonessential traffic, such as streamingaudio media.
Robust
Given the size of your company, providing a remote operation becomesas much a technical challenge as an organizational one. You shouldimplement a high-contingency setup like the one recommended formedium-sized businesses. You also need secondary servers that automati-cally kick in if the primary server fails because the administration of thenetwork through a server has made the server a critical point of failure.Now you begin to see issues that larger companies face in planning fordisaster recovery that need not concern smaller businesses.
With respect to remote operations, you may consider a disaster re-covery site where a team of specialists from your company could imme-diately take over your critical business operations. We recommend thatyou determine which services should be available at that site and how thesetup should be configured. Test these setups before disaster strikes, so
208 Contingency Planning and Disaster Recovery
you can be certain of their efficacy before you will have to rely on them.Again, you see where large companies have to invest their efforts. Con-tinuously ensuring that disaster sites are operational is an expensiveendeavor. We suggest that you try to integrate your disaster site into yourbusiness operations, and find an alternate use for the space, such as fortraining seminars.
The technology precautions are the same as those recommended forthe medium-sized business. Given the size of your organization, it makessense to plan for specific disaster contingencies and to assign responsi-bilities to each person in the company for disaster operations. Formalongoing training should be offered to your employees for disaster pre-paredness.
209
EPILOGUE
We hope that this book has given you a great deal to think about andsome specific tools with which to develop your small business contingencyplan. We hope that disaster never strikes your family or your business,but should you experience a disaster, we hope that the preparation workyou have done mitigates your losses and your business recovers quickly.We would like to provide a forum for an ongoing dialogue with our read-ers, as we recognize that contingency planning is always a work inprogress. Like you, we, too, revise our contingency plans and our insur-ance programs annually to bring our plans up-to-date with changes inour businesses as we continue to grow. We find that our contingencyplanning efforts yield tangible results in terms of improving our businessprocesses, irrespective of whether or not a disaster strikes. We also findthat we learn from the experiences of other small business owners and,we hope, some of them have learned from our experiences.
We have established a website, www.it4small.biz, to build a communitywith our readers. We hope that through this website we can share bestpractices with respect to contingency planning and provide updates tosome of the information we have provided in this book. We look forwardto meeting you, at least in cyber-space!
211
APPENDIX
Basic SafetyPractices
Throughout this book, we have guided you through the process of con-tingency planning and disaster recovery with a particular focus on infor-mation technology assets and insurance protection, our particular areasof expertise. Although facilities management is part of the contingencyplanning process, it is a topic we have not addressed until now. Facilitiesmanagement is not our area of expertise, and there are certainly manypublished books on this topic that are available to you. However, webelieve we would be remiss if we did not take the opportunity to high-light some basic safety practices.
Your local Red Cross chapter may offer training in basic first aidpractices. I (Donna) attended training sessions at the New York Citychapter. The instructor informed us of the Red Cross’s goal to have atleast one member of each household certified in cardiopulmonary re-suscitation and to be familiar with basic first aid practices. The standardfirst aid with automated external defibrillator course can be completedin eight hours and is offered at low cost. The course teaches the latestemergency cardiac care: how to use the automated external defibrilla-tor for sudden cardiac arrest. It also covers handling emergencies, adultcardiopulmonary resuscitation, and first aid for injuries and sudden ill-nesses. Those who complete the course will learn how to identify and carefor a variety of medical emergencies, including severe bleeding, shock,muscular skeletal injuries, and other sudden illnesses, as well as how toreduce the risk of disease transmission while providing care.
The Red Cross also offers separate courses in cardiopulmonary re-
212 Appendix
suscitation for adults and infants/children, basic first aid, and commu-nity cardiopulmonary resuscitation for those whose work makes themlikely to be called upon to assist others in an emergency. There is a spe-cial course, cardiopulmonary resuscitation for the professional rescuer,developed for medical professionals, lifeguards, aerobic/fitness/sportsinstructors, and public and private safety and security employees. Thosewho complete the Red Cross training receive certification in their skills.We all need refresher training from time to time, particularly when wedo not frequently call upon such skills. Accordingly, the standard first aidcertificate is valid for three years; thereafter, participants should take arefresher course to update their training and certification. For adultcardiopulmonary and automated external defibrillator training, the cer-tification is valid for one year. Be certain to have a first-aid kit on-site. Ifyou operate a business such as a restaurant, you are probably requiredto have certain first-aid equipment on-site and to be trained in adminis-tering some procedures, such as the Heimlich maneuver.
We have completed such training because it is a small investment inbuilding skills that could someday save someone’s life. We encourage youto do the same. We hope it never happens, but should an employee, avisitor to your office, or a member of your family sustain an emergency,you want to be trained to help the situation while more experiencedmedical personnel are dispatched to the scene. The Red Cross is one ofmany organizations that offer training that is relevant to your contingencyplanning efforts. Other organizations that you should consult includeyour local fire department, your local police department, your insurancecompany, your building management, and your local hospital. We haveconsulted such organizations in the preparation of our contingency plansand we would like to share this information with you. I (Donna) alsounderwent special training for responding to fires and am the designatedfire marshal for the floor of the office building in which my business isheadquartered. Since fire is a common form of disaster, let’s review somebasic safety practices to prevent and respond to fires.
In New York City, high-rise buildings are required to have in placebuilding information plans, including a fire evacuation plan, availableto residents and tenants. I (Donna) live in a high-rise apartment build-ing. The building management furnished each of the residents with a firesafety plan, approved by the local fire department. The plan includessuch information as the identification of exits, the location of the build-ing sprinklers and alarms, the telephone numbers to call in the event of
Basic Safety Practices 213
emergency, and basic fire precautions. Regularly scheduled drills verifythe functioning of the alarm systems. This information was very usefulon September 11, 2001. On that day, the police asked the residents ofour building to assemble in the south lobby for an evacuation. However,at the time that the evacuation was ordered, we were without telephoneand electricity service. The news of the evacuation spread by word ofmouth. Most of the residents were at work at that time. I (Donna) camehome from the World Trade Center and went to my next-door neighborsto inform them of evacuation and offer them assistance getting down thestairs. They did not appreciate the gravity of the situation, although theyhad seen the attacks on the television before we lost electricity, so I no-tified the police officer in our lobby that my neighbors were an elderlycouple, each with a physical disability, who were unwilling to leave. Hewent to their apartment to help.
Clearly, one of the advantages of advanced training was an awarenessof those in the building, both my office building and my apartmentbuilding, who might need help in the event of a fire. I know who in myoffice and apartment buildings is elderly and/or physically disabled andmay require assistance getting down many flights of stairs. The fire safetyplan was extremely helpful in this regard. If you live or work in a build-ing that does not require such a plan, try to produce one anyway. Shouldthe need arise, the preparation will expedite the evacuation effort.
We have another tip for you in connection with disaster-related evacu-ation. I (Donna) keep a supply of long-feed fish tablets that I can placein my aquarium that will dissolve and feed the fish for up to two weeks.I originally kept a supply of such tablets in my office (and in my home)for use in advance of scheduled business travel. Now, dropping a tabletin the aquarium is part of our evacuation plan, time and human safetypermitting. Another component of our office evacuation plan involvesrestroom searches. Each floor has two men and two women (one eachwith primary responsibility and one as backup) assigned to search themen’s and women’s restrooms in the event of fire. The idea is to ensurethat anyone who is in the restroom is aware of the call to evacuate.
For many of us, it has been many years since we were schoolchildrenand received fire safety instruction from the visiting firefighters. We wouldlike to share with you fire safety tips that we learned as part of our train-ing, and we encourage you to share this information with your employ-ees as part of your contingency planning. Of course, these safety precau-tions apply to your home and family practices as well.
214 Appendix
FIRE
In the event that a fire occurs in your office or business premises, thefollowing is a suggested evacuation procedure:
1. Close the door to the room where the fire is located and leavethe office. Close doors behind you as you leave.
2. Make certain everyone leaves the workplace with you (remem-ber to search the restrooms and other facilities where workersmay not be aware of the fire).
3. Take your keys with you. Close, but do not lock, the door.4. Alert the workers on your floor to the fire as you exit your pre-
mises.5. Use the nearest stairwell to exist the building. Do not use the eleva-
tor.6. Call 911 once you reach a safe location. Do not assume the fire
has been reported unless you see firefighters on the scene.7. Meet the members of your company at a predetermined location
outside the building. Notify the responding firefighters if thereare any employees who have not been accounted for.
If a fire is not in your facility but is adjacent to your facility, the fol-lowing is a suggested evacuation procedure:
1. Remain in your office and listen for instructions from firefightersunless conditions become dangerous.
2. If you must exit your facility, first touch the door and doorknobto detect heat. If they are not hot, open the door slightly andcheck the hallway for smoke, heat or fire. Because fire, heat, andsmoke generally rise, a fire on the floor below your office orworksite poses a greater threat to your safety than a fire on a floorabove you.
3. If you can safely leave your work premises, follow the evacuationprocedure we described for premises in which a fire has beendetected.
4. If you cannot safely exit the premises, call 911 and give the op-erator your address, floor, and number of people with you. Sealthe windows with wet towels or sheets, and seal air ducts or otheropenings where smoke may enter. Open windows a few inchesat the top and bottom unless flames and smoke are coming from
Basic Safety Practices 215
below. Do not break any windows. If conditions appear life threat-ening, open a window and wave a towel or sheet to attract theattention of firefighters.
5. If smoke conditions worsen before help arrives, get down on thefloor and take short breaths through your nose. If possible, moveto a balcony or terrace away from the source of the smoke, heat,or fire. If your clothes catch fire, do not run. Stop, drop to theground, cover your face with your hands, and roll over to smotherthe flames.
We emphasize that these evacuation procedures are suggested for youto discuss with your local fire department and emergency response teamto adapt to your own needs. We cannot anticipate every particular circum-stance you may encounter, but these suggested evacuation proceduresmight serve as a starting point for your own customized contingency plan.Don’t forget the procedures for shutting down your computer systemsand other necessary precautions presented earlier in this book. Of course,we expect you will take steps to prevent fires such as the following:
• Each room should have at least one smoke detector. Check themperiodically to ensure that they are in working order by pressingthe test button. Replace the batteries in the spring and in fall whenyou move the clocks forward and back one hour. If you follow thispractice, you should never hear the detector chirp to signal thatthe battery reserve is low.
• Maintain a no-smoking policy at your place of work.• If you have cooking facilities at your place of work, do not leave
your cooking unattended. Keep the stovetops clean and free ofitems that could catch on fire. Before you leave work for theevening, make certain that all cooking appliances are turned offand any coffee or teapots are unplugged.
• Make sure that you post the telephone number of your local firedispatcher where it is visible. Keep fire extinguishers on handand make certain that you and your employees know how to usethem.
• Never overload electrical outlets. Replace any cracked or frayedelectrical cords. Never run extension cords under rugs or carpets.Use only power strips with circuit-breakers.
• Always ensure the proper grounding of electric appliances. Usu-ally, they will have a three-pin power plug. Do not use a three-pin
216 Appendix
adapter to plug into a two-hole outlet without having an extragrounded cable connected.
• Keep all doorways and windows leading to fire escapes free ofobstructions and report to your building management or landlordany obstructions in the hallways, stairwells, or other means ofegress. Make sure each of your employees is familiar with the lo-cations of all stairwells and means of safely exiting the premises.
• Identify a meeting place a safe distance away from your worksitewhere you and your employees can convene after evacuating thebuilding.
• Be careful with greens or other holiday decorations. Do not keepthem for an extended period, as they become flammable whenthey dry out. Keep them planted or in water and away from build-ing and office exits.
• Determine if your facility is, or could be, equipped with fire sprin-klers and ensure that the sprinklers are in working order.
• Ensure that each employee understands basic fire safety informa-tion, including how to prevent fires, how to report fires, and howto evacuate the premises in the event of a fire. Conduct periodicdrills to avoid creeping complacency.
• Ensure that your company is in compliance with local fire codesand regulations.
• Locate utility shutoffs so that electrical power, gas, or water can beturned off quickly.
• Seek guidance from your local fire department and your insurancecompany and ask them to recommend fire prevention and pro-tection measures that are suitable for your business.
FLOOD
Now, let’s consider another peril: a flood or flash flood. Please remem-ber our advice earlier in this book: if you live in a flood-prone area, con-tact the National Flood Insurance Program to secure insurance protec-tion. (If you are not certain of your area’s risk of flood, contact your localgovernment’s planning and zoning commission for more information.)If you are in a flood-prone area, make certain that you keep your IT assetsand other electrical powered appliances on the higher floors of yourpremises. Property that you place on the lower floors of your premises isat particular risk.
Basic Safety Practices 217
Except in the case of a flash flood, you generally will have advancewarning of a flood. If your local news reports a flood watch in the area,this means that a flood is possible. A flood warning, on the other hand,means that a flood is in progress or will begin very soon. In the event ofa flood watch, try to move your valuables to the higher floors of yourbuilding. If the event of a flood warning, you should listen to your localnews reports for information. When an evacuation is ordered, shut downyour essential systems as described earlier in this book. If a flash floodwatch is issued, you may have to evacuate on a moment’s notice. Werecommend that you err on the side of caution and shut down your sys-tems on the issuance of a flash flood watch. Make certain that your em-ployees understand that in the event of flood, they should evacuate tohigher ground away from bodies of water.
When you evacuate, be respectful of barriers that have been erectedfor your protection. Barriers are put in place to block vehicles fromentering flooded areas. Be careful to stay on solid ground. You are at riskof electrocution if you walk in a flooded area, in which water could beelectrically charged from power lines. Also, if possible, shut off the elec-tricity at the main breaker or fuse box before evacuating. After you re-turn to your premises, you can determine if it is sufficiently dry to safelyturn back on the power. After a major disaster such as a flood, your lo-cal emergency authorities will advise you on precautions to take whenyou return to your premises.
HURRICANE
If your business is located along the coastline, you may be in a hurricane-prone area, but remember that such storms can work their way inlandfor many hundreds of miles. The accompanying heavy rain, floods, andtornadoes often compound the damage wrought by the hurricane. Whena hurricane watch is issued, this means that hurricane conditions arepossible within 36 hours. A hurricane warning means that hurricaneconditions are expected within 24 hours. When a hurricane warning orwatch is issued, you should prepare for high winds and rain. I (Donna)remember when Hurricane Gloria struck the New England states. I wasa college student and the dean advised us to criss-cross our windows withmasking tape. My roommates and I quickly obliged. Today, emergencypreparedness organizations advise against taping windows as it does notprevent breakage. We had, in fact, taped our windows in the hope that
218 Appendix
if the glass did break, fragments would not scatter about the room, caus-ing more damage. We had hoped that the tape would hold fragmentstogether. Fortunately, we did not have to learn if this method was effec-tive. The campus gardeners cut away the branches of certain trees so thatthe wind could blow through, thereby avoiding the risk of a powerfulwind blowing away a weaker branch that could cause injury.
If possible, prepare for high winds by installing hurricane shuttersor precut plywood for each window of your home. You should also bringindoors any furniture you have outside, including decorations, plants, oranything else that could be carried away by the wind. Check the signageof your business. It may be wise to remove signs and bring them indoorsuntil the risk of a hurricane has passed. Remain attentive to the adviceof civil authorities and listen to the news for orders of evacuation. If youwill not evacuate your premises, remain indoors, away from the windows.Remember not to be deceived by the calm “eye” of a hurricane; the worstis not yet over. Don’t go outdoors unless you are advised to evacuate bythe emergency authorities.
HEAT WAVE
A heat wave is an extended period of extreme heat and humidity. Themeteorologist of your local news organization will warn you of impend-ing heat waves. We were anticipating heat waves in the summer of 2001,when warnings of brown-outs, or disruption of electricity, were expectedto leave much of New York City without air conditioning. Fortunately, weexperienced no such brown-outs and the heat was tolerable. You won’thave to evacuate your premises in the event of a heat wave, but you shouldtake specific steps to protect your employees and your IT assets, as ex-cessive heat is harmful to both.
The following are recommended steps to protect people from harmduring a heat wave:
• Refrain from engaging in strenuous physical activity.• Remain indoors to the extent possible. If air conditioning is not
available, move personnel to the lowest floor of the building, awayfrom the windows where sunshine will heat the area. Fans won’tlower the room temperature, but they can cool your body by help-ing the sweat to evaporate, so turn the fans on if you don’t haveair conditioning.
Basic Safety Practices 219
• Drink copious amounts of water throughout the day, even if youare not thirsty. Water will help to cool your body and avoid dehy-dration. Avoid alcohol and caffeinated beverages, as they will ex-acerbate dehydration.
• Eat smaller meals more frequently during the day. Heavier mealswill raise metabolic heat as they are digested. Don’t consume salttablets, except on medical advice.
• Wear lightweight, light-colored clothing. Light colors reflect thesunlight and heat; darker colors absorb light and heat.
The consequences of heat exposure are severe, ranging from heatcramps up to heat stroke. The latter, also known as sunstroke, can be fatal,as the body can no longer cool itself. Brain damage and death can re-sult if the body is not cooled quickly. In the case of suspected heat stroke,call emergency medical personnel immediately and move the personaway from the heat into a cooler room. Remove or loosen clothing andapply cool, wet cloths to the skin. If the person is conscious, he or sheshould slowly drink cool water. Let the person rest comfortably untilmedical help arrives.
Less severe symptoms of heat exposure include heat cramps and heatexhaustion. Heat cramps are muscular pains that result from heavy ex-ertion in intense heat. They are an indication that the body is havingdifficulty cooling itself. In the case of suspected heat cramps, move to acooler place, where you can rest comfortably. Drink cool water to replen-ish fluids that have been lost during exercise. Heat exhaustion can strikepeople who work in hot, humid places. Those affected often sweat ex-cessively, and, as blood flow to the skin increases, blood flow to vital or-gans decreases. Hot skin and rapid breathing are symptoms of heat ex-haustion. Left untreated, the condition may worsen to heat stroke. Therecommended treatment is the same as for heat stroke.
Certain of your employees may be at greater risk than others. Youngchildren and the elderly are more vulnerable to heat exhaustion, as arethose who take medications, known as diuretics, which flush water fromthe body. You should be particularly concerned about the risk of heatexhaustion if your business processes result in the generation of heat. Doemployees work with equipment such as commercial printers, or pizzaovens, for example, which raise the temperature of the space in whichthey are located? Do you have adequate air conditioning in yourworkspace? Take all steps necessary to protect your employees.
In the event of a heat wave, you may want to consider giving people
220 Appendix
the day off, or encouraging telecommuting. Although your work facili-ties may be air-conditioned and you may have plenty of water available,your employees still have to commute to and from work. A car that breaksdown on the road on the way to work, or a delayed and crowded subwaytrain, may put a vulnerable employee at risk. I (Donna) used to contractsome work out to a consultant who had a serious kidney ailment. Themedication she took to control her condition was a diuretic and she madeit a practice to carry bottled water with her, as when she was in hot,crowded spaces she often felt light-headed. Whenever the weather wasexcessively hot, I would schedule another time to meet with her, or en-courage her to work from home, until weather conditions improved.We would encourage you to extend to your suppliers the same courtesy,if it is possible. When extreme heat is forecast, ask your suppliers if theywould like to reschedule their appointments with you so that they canavoid traveling to your premises on humid, sticky days. If it is not pos-sible to reschedule appointments scheduled with visitors to your pre-mises, be sure to greet them with cool water to drink and make them com-fortable.
After you have attended to human safety, give some thought to yourIT assets. Earlier in this book, we advised you to attend to the risks of anoverheated CPU (caused by a malfunctioning fan) in order to avoid apossible systems crash. Presumably, you have done so. Now, when you areconfronted with a heat wave and inadequate air conditioning, consider“quarantining” any PCs you believe to be “suspect” until you can verifythat their fans are functioning properly. If you have air conditioning insome rooms but not others, move the PCs to the air-conditioned roomsfor the duration of the heat wave or turn them off if possible.
EARTHQUAKE
We are both aware of measures to prepare for an earthquake, as we bothused to travel to Japan frequently. When you enter a hotel room in To-kyo, for example, you will see an earthquake warning, printed in bothJapanese and English, as you close your door to the hallway. The warn-ing is typically affixed to the back of the door to your room. The warn-ing advises guests that earthquakes and seismic activity are common inJapan and tells them what to do if they should feel the ground shakingat your feet. I (Stefan) was staying in one of the few tall hotel buildings
Basic Safety Practices 221
in Tokyo when an earthquake struck in February 1996. The building was36 floors high, and I was sleeping in my hotel room on the twentieth floor.The movement of furniture in the room woke me immediately andalerted me to the earthquake. I went to the door to read the earthquakesafety instructions that I had noticed, but failed to read, on check-in. Iheard the chaos outside as many people left their rooms in panic in themiddle of the night, while the hotel staff was grouping close together ina secure corner spot in the middle of the building as they had beentrained to do. Some more tremors followed, then it became quiet. Thebuilding continued to move, and for some ten minutes you could hearthe building structure squeaking, a truly frightening experience.
The television news the following morning warned of a possible Tsu-nami wave, hundreds of miles away in the Pacific Ocean, which couldreach Tokyo. The Tsunami did not strike and, to my surprise, when Iwalked through the streets, I saw very little damage. Some fallen tiles,some cracks in some walls, and other barely noticeable evidence of theprevious night’s earthquake. Normal life continued in the city until, a fewdays later, Tokyo was hit by an exceptionally strong snow storm thatdumped several feet of snow and effectively shut down the whole city. Itwas quite an experience, one disaster following another.
Although Japan, California, and other locations along seismicallyactive zones where plates of the earth’s crust come together are recog-nized as earthquake-prone areas, earthquakes can happen in many otherlocales, anytime, without warning. You can reduce the hazards of earth-quakes by bolting heavy furniture to the walls using wall studs and en-suring that cabinets close securely, so that their contents will not spill outand injure someone in an earthquake. I (Donna) have beautiful, but veryheavy, office furniture. For safety, the wall unit, shelving, and chests ofdrawers are bolted to the walls. Although this makes moving in and outmore difficult, it is much safer. Even in the absence of an earthquake,heavy furniture that is filled with files or other items can become unsteadyand collapse. If your business is located in an area that is earthquake-prone, you should consult a structural engineer to determine what youcan do to protect the facility or minimize damage in the event of anearthquake. The newest building technologies are remarkable. We at-tended an exhibit at a museum that featured models of taller buildingsin San Francisco and the various features that the architects designed intothe buildings, such as more flexible frames and counterweights on theroofs, to minimize risk.
222 Appendix
Should you feel the ground move beneath you, remember the fourwords “drop, cover, and hold on.” Drop to the ground, hold on to some-thing sturdy, cover your eyes by pressing your face into your arm, and holdon until the shaking stops. Stay away from windows that could shatter glasson you or heavy furniture that could fall on you. If you are outside whenthe earthquake strikes, try to find a clearing away from buildings, trees,and power lines and then drop to the ground. If you are in a car, driveto a clearing and remain in the car until the shaking has stopped.
Once the shaking stops, check yourself for injuries. There may beaftershocks following the earthquake, so be prepared to drop, cover, andhold on again. Inspect the property for damage. Turn off the gas, if yousmell gas or think there is a risk of a gas leak. (Don’t turn it back onyourself, leave this job to a professional–call your utility company to ar-range to have the gas switched back on.) You may detect a small firefollowing an earthquake; if you are unable to extinguish it yourself, callthe fire department. We have friends who attended school in California,and they actually practiced drills for earthquake response in school.Therefore, they are better prepared than most of us. We recently expe-rienced a relatively minor seismic event in Connecticut, and because wetypically do not associate this part of the world with earthquake risk, wefound that many people did not know what to do. Be sure to share thisinformation with your employees so that they will be familiar with the“drop, cover, and hold on” drill.
TORNADO
Although tornadoes are more common in the Midwestern states, theyhave been reported in all 50 states and in countries throughout the world.Tornadoes are known as “twisters” because tornado winds gust at speedsin excess of 200 miles per hour, destroying everything in their paths.Spring and summer are considered the tornado “season,” but they canhappen at any time of the year. A tornado watch means that a tornado ispossible in your area; a tornado warning means that a tornado has alreadybeen sighted. An approaching tornado sounds like a speeding train.Remain indoors, away from the windows, which could be shattered by thehigh-speed winds. If you are in a high-rise building, try to make it to thebasement safely. We recommend that you avoid the elevators and take
Basic Safety Practices 223
the stairs, as fallen power lines could disrupt the supply of electricity toyour building without warning. If you don’t have sufficient time to go tothe basement or the ground floor, move to the center of the building,which is as far removed from windows on either side of the building aspossible. If you are outside, go to the basement of the nearest sturdybuilding or lie flat in a ditch or a low-lying area. If you are in a car or amobile home, get out immediately.
As is the case with a hurricane, or a flood, remember to bring anyequipment that is outside indoors. I (Donna) have two friends, a hus-band-and-wife team, who are small business owners. They own and op-erate a charming inn in New England. The inn caters to vacationingfamilies and, as such, has outdoor toys, swing sets, picnic tables, barbe-cues, and other items that could get swept up in high winds and causean injury. Their contingency plan calls for the husband to ensure thatthe items on the northern and eastern sides of the inn are brought in-doors when a storm warning is in effect, while the wife is responsible forthe lower-weight items on the southern and western sides of the inn. Byassigning responsibilities this way, they have ensured that nothing will beoverlooked.
Once the tornado has passed, check your premises for damage. Becareful when you leave your premises, as fallen power lines pose a par-ticular hazard. Don’t light matches or use candles, as there may be gasleaks of which you are unaware. Listen to the news reports to determineif it is safe to go home and which areas you should avoid on your com-mute home.
THUNDERSTORM
Darkening skies, flashes of light and increased wind signal an approach-ing thunderstorm. If you hear thunder, the storm is close to you and light-ning is a risk. Take shelter indoors. If you are in a car, roll up the win-dows. If lightening strikes, be careful of conductors of electricity. You wantto avoid the risk of electrocution and also avoid damage to electricalappliances, such as your air conditioner, by power surges caused by light-ning. Use surge protectors for both power and phone lines. Unplug theappliances, turn off the air conditioner, and avoid using the appliancesor the telephone. Shut down your computer systems and switch off the
224 Appendix
printers. Don’t run water or take a bath or shower until the storm is over.Close the blinds and shades to protect yourself from injuries that couldbe caused by shattered glass if flying objects break your windows.
If you are outdoors when the storm strikes, you must take specialprecautions. If you are waterborne, swimming, or boating, for example,get to land immediately. If you are in a wooded area, take refuge underthe shorter trees. Try to go to an open place, away from trees, and dropto the ground and curl into your body. The idea is to make yourself con-sume the smallest amount of area to reduce the surface that could bestruck by lightning. Remember that if you are in a hospitality businessthat caters to many people, you need to take precautions to protect yourcustomers. I (Donna) have friends who own a small motel in New Hamp-shire that has an in-ground pool. When a thunderstorm approaches, theyensure that the guests leave the pool and they padlock the pool to en-sure that no one re-enters. They once had a scare when some children,seeking the thrill of swimming in the rain, entered the pool after it hadbeen closed. Apparently, the parents were not watching the childrenclosely and the children were not aware of the risks of being struck bylightning while swimming in a pool. Fortunately, no one was harmed, butmy friends revised their contingency plan accordingly. (They also keepon hand a supply of movie videos and games to keep children entertaineduntil weather conditions permit them to go outside again.)
If someone is struck by lightning, seek medical help immediately.Administer cardiopulmonary resuscitation (assuming that you are trainedto do so) if the injured person’s heart has stopped beating. Administerfirst aid, if necessary, until emergency medical personnel arrive on thescene.
TERRORISM
Should an act of terrorism occur, you may or may not be called upon toevacuate. Sometimes, terrorists stage acts timed to occur minutes apartto inflict the maximum damage possible on emergency workers arrivingat the scene. Unfortunately, such acts are unpredictable, so you shouldfollow the instructions of your local civil authority with respect to evacu-ation. Communicate with your employees in the manner agreed uponin your contingency plan. Follow the procedures outlined for evacuation:shut down your computer system, turn off utilities, and so forth.
Basic Safety Practices 225
One precaution common to all disasters involves the maintenanceof a disaster supplies kit. The kit might consist of bottled water, a first aidkit, flashlights, battery-operated radios, and other items you might needto cope if a disaster interrupts your operations. I (Donna) have battery-operated radios in my home and my office, and that is how I learned thatBattery Park City residents had been ordered to evacuate the neighbor-hood on September 11, 2001. I passed this information on to my neigh-bors who, like me, were without electricity. I also had on hand a flash-light to guide us down the stairwells. The flashlight wasn’t necessary asour building’s emergency generator provided a very low level of light inthe stairwells that was adequate to get out safely. But it is always better tobe prepared.
Here are a few lessons we learned on September 11 that may assistyou in your developing your evacuation procedures should disaster strike:
• Encourage your employees to consider the needs of their childrenin the event of a disaster. You should discuss emergency planningwith your local school and inform your child’s teachers of who, inthe event of an emergency, is authorized to pick your child up fromschool if you cannot get there. If your children are not in school,you need to agree in advance with your spouse what to do in theevent of a disaster.
• You and your employees, as part of your personal contingency plan-ning, should give some thought to the needs of the elderly in yourfamily and in your neighborhood. If an evacuation is ordered inresponse to a disaster, they may require special assistance. I(Donna) have elderly neighbors who had seen on television theplanes crashing into the World Trade Center, but failed to appre-ciate the consequences for the rest of the community. When I of-fered to assist them in gathering some belongings, walking downmany flights of stairs and walking through the ash to the boats, theywere adamant in their belief that leaving their home for a day ortwo was not worth the inconvenience. I alerted a police officer totheir presence and he explained to them that it was likely to bemore than a few days before they could safely return, that there wasno assurance of when the utilities would be restored, and that therewere other reasons why they should leave. They did, and got outsafely. As part of your disaster response, you and your employeesshould consider the needs of your elderly relatives and neighbors.
226 Appendix
• Anticipate needs for medications and encourage your employeesto do the same. I (Donna) have a chronic medical condition thatis controlled by medication. In fact, I was in a pharmacy in theWorld Trade Center to get my prescription refilled on the morn-ing of September 11, 2001. When I returned to Lower Manhattan,I hoped that another pharmacy in the same chain could providethe refills remaining on my prescription since they have commoncomputer records. Their policies prohibit transferring prescrip-tions from one pharmacy to another, but with my label from theremaining amount of my last prescription, they gave me an emer-gency 30-day supply. My physician was delayed returning fromvacation due to the travel restrictions imposed on September 11,we were without telephone service and it took some time to con-tact my physician to get a new prescription written. The lesson Ilearned, and would like to share with you, is that if you have achronic medical condition, don’t postpone getting your prescrip-tion refilled until your existing supply of medication is nearlyexhausted. In an emergency situation, you could be at risk. Insur-ance companies generally won’t authorize payment for more thana 30-day supply at a time, but now I refill my prescription one weekbefore my existing supply is exhausted.
• Along the same lines, many people have their prescriptions deliv-ered by mail. It is a great convenience, except in September andOctober 2001, when mail was not delivered to Lower Manhattan.I followed the instructions by our postmaster to visit the post of-fice nearest my home to present identification and pick up mailfor my home and to the central post office in mid-town Manhat-tan to pick up business mail that had been held there, but it tookabout two months for mail delivery to catch up with us. If thehealth insurance company that provides coverage to your businessoffers mail order prescription delivery, you and your employeesneed to have a back-up plan in place if mail delivery is interrupted.A visit to the local emergency room is not a good back-up plan,because in the event of a major disaster, there will likely be victimsin urgent need of medical treatment.
• I (Donna) used to travel frequently on short-notice for businessand so got into the habit of always having an overnight bag ready
Basic Safety Practices 227
to go. That is a bit extreme, but you may consider setting aside asmall bag of items that you would need to take with you in theevent you were evacuated from your premises: your telephonecontact information, eyeglasses, contact lenses, prescriptions, andso forth. If you have a small case packed and set aside, it is one lessthing for you to think about when disaster strikes.
• Household pets were a source of anxiety following the September11 disaster. Presumably, you don’t bring your dogs and cats to workwith you, but remind your employees to remember pets at homewhen developing personal contingency plans. Perhaps you havea neighbor with whom you can leave a key to your home for theexpress purpose of taking your pet if an evacuation is orderedwhen you are at work and cannot get home safely. You may haveseen on the television film footage of animal rescue workers try-ing to enter apartments in Lower Manhattan to feed animals thatmay have been left behind. The safety of your pet is one less thingfor you to worry about when you may be operating your businessfrom a remote location.
• I (Donna) was able to send an e-mail to my parents after the WorldTrade Center was attacked but before we lost our telephone ser-vice. I sent the e-mail after being unable to contact them by tele-phone as their line remained busy, which meant that they were onthe Internet. My parents have since switched to an Internet con-nection via TV cable, and I will do the same. It provides an addi-tional contingency in the event that our telephone service is in-terrupted in the future.
We close this section with some information about major disastersthat struck the United States in the year 2001. This list does not includedisasters that struck outside the United States and only includes thosecharacterized by the U.S. government as major disasters. As you can see,major disasters are quite common in the United States. Remember thatthe federal government does not recognize localized disaster events, suchas a fire in a single office building or your computer system’s crashing.These lists should serve to persuade you (if you were not already con-vinced) of the need for a contingency plan for such disasters.
228 Appendix
2001 Disaster ActivityJanuary 1, 2001 to December 31, 2001
Date State Incident
Major Disaster Declarations
01/05 Oklahoma Winter storm01/08 Texas Winter storm01/12 Louisiana Winter storm01/18 Vermont Winter storm02/06 Florida Severe freeze02/23 Mississippi Severe storm03/01 Washington Earthquake03/05 Alabama Storms and flooding03/13 Arkansas Storms and flooding04/10 Massachusetts Storms and flooding04/17 Mississippi Storms and flooding04/27 Kansas Storms and tornado05/02 Iowa Storms and flooding05/10 Illinois Flooding05/11 Wisconsin Flooding05/16 Minnesota Flooding05/16 Maine Storms and flooding05/16 Puerto Rico Flooding05/16 Nebraska Severe storms05/17 Colorado Severe storms05/17 South Dakota Severe storms05/28 North Dakota Floods05/28 Montana Severe storms06/03 West Virginia Storms and flooding06/09 Texas Tropical storm06/11 Louisiana Tropical storm06/17 Florida Tropical storm06/21 Mississippi Tropical storm06/22 Pennsylvania Tropical storm06/29 Oklahoma Storms and flooding07/07 Montana Severe storms07/12 Virginia Storms and flooding08/15 Tennessee Storms and flooding08/15 Kentucky Storms and flooding08/16 D. Columbia Flooding
Basic Safety Practices 229
(continued)
Date State Incident
08/27 Ohio Storms and flooding09/11 New York, Terrorist attack
Pennsylvania09/11 Virginia Terrorist attack09/28 Florida Tropical storm10/12 Nebraska Storms and flooding10/25 Oklahoma Storms and flooding11/28 Puerto Rico Storms and flooding12/05 Guam Earthquake12/07 Mississippi Tornado12/07 Alabama Tornado
Emergency Declarations
01/10 Michigan Winter storm01/17 Illinois Winter storm01/24 Indiana Winter storm01/24 Wisconsin Winter storm03/20 Maine Winter storm03/28 Massachusetts Winter storm03/28 New Hampshire Winter storm04/10 Vermont Winter storm09/13 Virginia Terrorist attack09/19 New Jersey Terrorist attack
Fire Suppression Authorizations
02/18 Florida Lakeland Complex02/19 Florida Caloosahatchee Complex02/19 Florida Okeechobee Complex04/17 Florida Orlando Fire Complex04/18 Florida Myakka Complex Fire04/25 Florida Everglades Complex Fire05/15 Florida Chipola River Complex
Fire05/16 Florida Escambia Complex Fire05/23 Georgia Blounts Pasture Fire05/23 Florida Perry Complex Fire06/03 New Mexico Trap and Skeet Fire07/02 Alaska Red Fox Fire
230 Appendix
2001 Disaster Activity (continued)
Date State Incident
07/06 Nevada Ten Mile Fire07/26 Wyoming Green Knoll Fire07/29 Washington Union Valley Fire08/01 South Dakota Elk Mountain II Fire08/01 Wyoming Elk Mountain II Fire08/09 Nevada Antelope08/14 Washington Brewster Complex Fire08/14 Washington Virginia Lakes Complex
Fire08/15 Oregon Bridge Creek08/15 Washington Icicle Complex Fire08/16 Washington Spruce Dome Complex08/16 Washington Tonasket Complex08/17 Oregon Monument Complex08/19 Utah Mollie Fire08/20 Washington Rex Creek Complex Fire08/20 Washington Mt. Leona Complex Fire08/17 Oregon Monument Complex09/04 Wyoming McFarland Divide Fire11/05 Tennessee Chattanooga Complex Fire11/05 Kentucky E&SE Districts, Kentucky
River Complex
Fires
11/13 South Carolina Long Bay Fire11/15 Tennessee Ridge Crest Fire11/20 Virginia Far Southwest Fire
Complex11/20 West Virginia Southeast and the Trough
and Smoke Hole FireComplexes
11/21 Alabama Northeast Alabama FireComplex
11/21 Virginia Shenandoah Gap FireComplex
Source: Federal Emergency Management Agency, 2002.
Basic Safety Practices 231
(continued)
Finally, we present data to illustrate just how costly major disasterscan be. The following list presents the 40 most costly insured catastro-phes in the world, from 1970 to the present. By this point, we hope wehave persuaded you of the need for a comprehensive insurance program!
InsuredLoss* Year Catastrophe Country
20.2 1992 Hurricane Andrew United States,Bahamas
19.0 2001 Terrorist attacks on the World TradeCenter and Pentagon United States
16.7 1994 Northridge earthquake United States
7.4 1991 Typhoon Mireille Japan
6.2 1990 Winter storm Daria France, UnitedKingdom**
6.1 1999 Winter storm Lothar over WesternEurope France, Switzerland**
6.0 1989 Hurricane Hugo Puerto Rico, UnitedStates
4.7 1987 Storm and floods in Europe France, UnitedKingdom,**
4.3 1990 Winter storm Vivian Western/CentralEurope
4.3 1999 Typhoon Bart Japan
3.8 1998 Hurricane Georges United States,Caribbean
3.2 2001 Tropical storm Allison, rain, floods United States
3.0 1988 Explosion on Platform Piper Alpha United Kingdom
2.9 1995 Great Hanshin earthquake in Kobe Japan
2.6 1999 Winter storm Martin over southwestFrance and Spain France, Spain
2.5 1999 Hurricane Floyd, heavy rain, flooding United States,Bahamas
2.4 1995 Hurricane Opal United States**
2.1 1993 Blizzard, tornadoes North America
2.0 1992 Hurricane Iniki United States, NorthPacific
1.9 2001 Hail, flood, and tornadoes United States
232 Appendix
InsuredLoss* Year Catastrophe Country
1.9 1989 Explosion in petrochemicals plant United States
1.6 1979 Hurricane Frederick United States
1.8 1996 Hurricane Fran United States
1.8 1974 Tropical cyclone Fifi Honduras
1.7 1995 Hurricane Luis Caribbean
1.7 1988 Hurricane Gilbert Jamaica**
1.6 1999 Winter storm Anatol Northwestern Europe
1.6 1999 Series of 70 tornadoes in the Midwest United States
1.6 1983 Blizzards, cold wave North America
1.6 1991 Forest fires spread to urban areas,drought United States
1.5 1974 Tornadoes in 14 states United States
1.5 1973 Flooding on the Mississippi United States
1.5 1998 Wind, hail, and tornadoes(Minnesota, Iowa) United States
1.4 1989 Loma Prieta earthquake United States
1.4 1970 Hurricane Celia United States, Cuba
1.4 1998 Typhoon Vicki Japan, Philippines
1.4 2001 Explosion in fertilizer factory France
1.3 1998 Cold spell with ice and snow Canada, UnitedStates
1.3 1995 Wind, hail, and flooding (Texas,New Mexico) United States
1.3 1991 Hurricane Grace United States
*In billions of U.S. dollars, indexed to 2001.**Also affected neighboring countries.Source: Swiss Reinsurance Company, January 2002. Reprinted with permission.
233
RESOURCES
No single book can address all of the needs of contingency planning anddisaster recovery. We set out with the modest goal to give small businessesthe information they need to develop a framework for a contingency planand to share what we have learned about the planning and recoveryprocesses. We hope that you realize the benefits for your daily businessoperations from contingency planning. We also hope that the informa-tion we have imparted will make you a more knowledgeable consumerof IT and insurance services as you develop your own plans. Certainlymany of our readers will require additional information beyond what wehave presented here. This book is a starting point.
The information in the book is a completely original work, unlessindicated by footnotes to the text. Therefore, we have not included a bib-liography or list of other references. However, we are providing a list ofwebsites where specific details to any service can be found. We stress thatwe do not endorse any of these service providers and cannot guaranteetheir professional quality. Exercise care in determining if a specific ser-vice is appropriate for your business.
Contingency planning should always be viewed as a work in progress;as such, a list of other resources to consult would be subject to constantchange. Therefore, do not treat it as complete. We have chosen to includewebsites that we think represent work with “staying power.” We also havespecified only homepage references because subfolders on websites aresubject to change anytime. For specific disaster recovery information youwill most likely need to navigate through the particular site.
If you are not certain of your exact needs, we recommend startingwith the portal websites or associations. Here we list websites that explainservices, and contain hundreds, sometimes thousands, of links to otherwebsites. Be aware that some portal websites appear to be general innature, but could be associated with specific consulting services, andtherefore will reference only information with regards to other relatedwebsites of subsidiaries or affiliated businesses.
234 Resources
We have deliberately omitted wholesale or retail stores that sell con-tingency planning IT or other equipment because our focus is buildinggeneral awareness of the contingency planning and disaster recoveryprocesses. We are not affiliated with any particular service providers andso will not attempt to sell you any particular products or solutions. Wereyou to search for contingency planning or disaster recovery resourcesthrough an Internet search engine, you would retrieve many thousandsof linked sites. We include only those we thought would be helpful tosmall businesses.
Portals are a gateway to information and, as such, aggregate manysources of material through links to different websites. A portal is a richway to begin the process of researching specific contingency planningneeds, but it can be overwhelming! We recommend the following:
Business Continuity Institute, www.thebci.orgDisaster Center, www.disastercenter.comDisaster Information Network, www.disaster.netDisaster Recovery Information Exchange, www.drie.orgDisaster Recovery Journal, www.drj.comDisaster Resource, www.disaster-resource.comGlobal Continuity, www.business-continuity.com/faqs/faq2.htmlInformation System Security Professionals, www.infosyssec.orgIT Audit, www.itaudit.orgProject Management Online, www.allpm.comProject Risk Management, www.riskdriver.comRisk Management Resource Center, www.eriskcenter.orgRisk World, www.riskworld.com
Many associations make available to their members and nonmembersinformation through their websites. You may find some of these sourcesto be technically oriented for the generalist approach we have adapted,and many have a focus on contingency for large-scale organizations. Insome cases, it may be possible for you to adapt the best practices in con-tingency planning for more complex and sophisticated organizations.Otherwise, as your business grows, these associations may assume greaterrelevance.
American Risk and Insurance, www.aria.orgAssociation of Contingency Planners, www.acp-international.com
Resources 235
Association of Corporate Treasurers, www.corporate-treasurers.co.ukBusiness Continuity Planners Association, www.bcpa.orgBusiness Recovery Management Association, www.brma.comBusiness Traveler Online Association, www.btonline.comDisaster Preparedness and Emergency Response Association,
www.disasters.orgInstitute for Business & Home Safety, www.ibhs.orgInternational Disaster Recovery Association, www.idra.comNational Emergency Management Association, www.nemaweb.orgNational Voluntary Organizations Active in Disaster, www.nvoad.orgPublic Agency Risk Managers Association, www.parma.comPublic Entity Risk Institute, www.riskinstitute.orgPublic Risk Management Association, www.primacentral.orgPublic Utilities Risk Management Association, www.purma.orgRoyal Society for the Prevention of Accidents, www.rospa.co.ukSociety for Risk Analysis, www.sra.orgUK Emergency Planning Society, www.emergplansoc.org.uk
Consulting firms provide specific advisory, and in some cases, imple-mentation services for contingency planning and disaster recovery. Manyconsulting firms make available “thought leadership” documents settingforth their views on best practices in the field. As such, the websites ofconsulting firms often offer provocative materials for you to share anddiscuss with your colleagues.
Accenture, www.accenture.comBinomial International, www.binomial.comCall Centre, www.callcentre.co.ukCigital, www.rstcorp.comCisco, www.cisco.comDavis Logic, Inc., www.davislogic.comDecision Support Systems, Inc., www.globalhub.comDRI International, www.dr.orgEnvironmental Systems Research Institute, www.esri.comFire Trench, www.firetrench.netGlobal Risk Assessment, Inc.,www.grai.comIBM, www.ibm.comNortel Network, www.nortel.comNorth American Emergency Management, www.naem.com
236 Resources
PricewaterhouseCoopers, www.pwcglobal.comRisk Info, www.riskinfo.comRisk Management Information Systems, www.rmisweb.comRothstein Associates, Inc., www.rothstein.comThe Business Continuity Group, www.survive.comUnited Risk Management Consultants, www.unirisk.se
Websites representing organizations with a financial orientation arerelevant to all companies to the extent we are all concerned with thefinancial health of our businesses. For small businesses operating in thefinancial services industry, they are particularly relevant because theirfocus is often on the management of financial assets and liabilities anddiversification of such risks.
Bankruptcy, www.abiworld.orgContingency Analysis, www.contingencyanalysis.comDeloitte & Touche, www.deloitte.comGlobal Association of Risk Professionals, www.garp.comKPMG, www.kpmg.comPricewaterhouseCoopers, www.pwcglobal.comReuters Risk Management, www.reuters.com
Government websites offer a wealth of information that may be ofuse to you. In particular, you may want to visit the website of your localgovernment or municipality for contingency planning that is specific foryour particular area. These sources are especially useful if your businessis sited in a disaster-prone area, such as a flood zone.
Access Washington, www.wa.govBrookhaven National Laboratory, www.bnl.govCanadian Centre for Emergency Preparedness, www.ccep.caCollier County Emergency Management, www.collierem.orgDepartment of Trade and Industry, www.dti.gov.ukDisaster Recovery Institute Canada, www.dri.caEuropean Union Online, www.europa.eu.intFederal Emergency Management Agency, www.fema.govGovernment, Mitre, www.mitre.orgHazardous Materials Information Exchange, www.hmix.dis.anl.gov
Resources 237
Home Office UK, www.homeoffice.gov.ukInternational Trade Agency, www.ita.doc.govNational Emergency Management Association, www.nemaweb.orgOffice of Critical Infrastructure Protection and Emergency Prepared-
ness, www.epc-pcc.gc.caOrganization for Economic Co-Operation and Development,
www.oecd.orgState of Texas, www.dir.state.tx.usUnited States Small Business Administration, www.sba.govUtah Division of Risk Management, www.risk.state.ut.us
You should, of course, visit the website of your insurance companyand familiarize yourself with any particular resources that your insureroffers. Many produce free guides with information on best practices forrisk management. The major reinsurance companies, whose websites arelisted below, invest considerable resources in contingency efforts andmake their research available for free or negligible cost.
Allianz, www.allianz.comAxa, www.axa.comGerling, www.gerling.deInsurance Information Institute, www.iii.orgInsurance Services Office, Inc., www.iso.comLloyds, www.lloyds.comMunich Re, www.munichre.comRisk Management Insurance, www.rmi.gsu.eduSelf-Insurance Institute of America, www.siia.orgSwiss Re, www.swissre.comXL Environment, www.ecsinc.com
In the text, we suggested that you consult with grief counselors andother staff and volunteers of your local Red Cross for free guidance ondealing with the psychological and emotional responses to disaster. Cer-tain cases may require medical intervention. We deliberately kept ourremarks brief, as this is not our area of expertise. You may wish to con-sult the following sources for more information:
The Centre of Crisis Psychology, www.ccpdirect.co.ukUniversity of Illinois Extension, www.ag.uiuc.edu/~disaster
238 Resources
Relief agencies are not-for-profit organizations that offer charitableassistance to those affected by disaster. This is by no means a comprehen-sive list, but it is a good place to start.
Christian Disaster Response International, www.cdresponse.orgDisaster Relief Aid, www.disasterrelief.orgRed Cross, www.redcross.org
Risk management professionals take a holistic view of risk, assessingall risks to the business, irrespective of its source, such as financial risks,operational risks, legal risks, etc. Many of these sources contain informa-tion helpful for benchmarking against best practices.
American Risk and Insurance Association, www.aria.orgInsurance News Network, www.insure.comPublic Entity Risk Institute, www.riskinstitute.orgPublic Risk Management Association, www.primacentral.orgSelf-Insurance Institute of America, www.siaa.orgSociety for Risk Analysis, www.sra.org
Telecommunication companies have devoted considerable resourcesto contingency planning and it is worth investigating what they have tooffer. These sources may offer helpful information.
AT&T, www.att.comBell South, www.bellsouth.comMCI, www.mci.comPacific Bell, www.pacbell.comSprint, www.sprint.comVerizon, www.verizon.com
239
GLOSSARY
Agent A licensed salesperson representing an insurance company to abuyer. An agent also may be a licensed broker.
A.M. Best A rating agency that assesses the financial strength andclaims-paying ability of insurance companies.
Audit The creation of log files documenting how users interacted withyour computer system. It is essential to detect suspicious activities andto determine which records to recover first from a backup based onthe frequency of record usage.
Authentication The verification of the authenticity of either a personor of data, to determine that a message has indeed originated by itsclaimed source. Authentication methods are necessary for all formsof access control to systems or data files and should be periodicallyreviewed for maintaining security.
Authorized An authorized insurance company is licensed to underwritebusiness in a particular state or jurisdiction. Authorized companiesare also referred to as “licensed” or “admitted” companies.
Backbone The backbone of the Internet, high-bandwidth data transmis-sion lines that connect ISPs that, in turn, provide access to you. Typi-cally, an ISP hands over your data to another ISP, then to another ISP,and so on, until the data finally reach a backbone access point. Be-cause the data may have to pass multiple routers on the way to thebackbone, network latency rises, and running applications with a lotof small user feedback remotely (as in a disaster scenario) can be-come nearly impossible. We prefer that you use ISPs that are theoriginal source of connectivity to the network, such as AT&T, MCI,Sprint, UUNET, AGIS, and BBN. But to caution you: we have seen
240 Glossary
that some of these companies also use resellers and intermediariesto provide connections to businesses and consumers alike.
Backup Copies of computer files that can be restored if the need arises.Although users are generally aware of the need to produce reliablebackups, they tend to lapse until they experience a system crash oraccidentally delete some or all of their files. Backup media shouldbe stored at a site physically removed from your office by at least 10miles.
Bandwidth The transmission capacity of data lines, typically measuredin kilobits per second (kbps) or megabits per second (mbps). Band-width is not guaranteed for any transmission over the Internet.
Basic form coverage An insurance coverage that protects your businessagainst fire, plus extended coverage, consisting of lightning, explo-sion, windstorm or hail, smoke, aircraft or vehicles, riot or civil com-motion, vandalism, sprinkler leakage, sinkhole collapse, and volca-nic action.
BCP Business continuity plan. Large organizations typically produce anelaborate plan to ensure that the essential business functions of theorganization are able to continue in the event of a disaster. The BCPis usually combined with a disaster recovery plan (DRP) that dealswith the immediate crisis to secure the health and safety of peopleand limits further damage to equipment. The DRP hands over theresponsibility to the people who execute the BCP. The BCP will iden-tify the critical people needed, their functions, and other systems andinfrastructure needed to run a small emergency business operationand how to reestablish all the business functions. For small businesses,although disaster planning is important, it does not need to be for-malized in large BCPs and DRPs because immediate business conti-nuity is typically of lesser concern. We prefer simple but effectivechecklists of “to do” items for each person assigned in the event of adisaster.
Broad form coverage An insurance policy that covers basic fire, ex-tended coverage and breakage of glass, falling objects, weight of snow,ice, or sleet, and water damage.
Broker A licensed salesperson representing the buyer to the insurancecompany. A broker also may be a licensed agent.
Glossary 241
Business interruption Business interruption is an insurance that re-places lost income to cover fixed business expenses when a businesshas not yet resumed operations following an insured property loss.
Business owner’s policy A business owner’s policy is also known as apackage policy. It combines property and liability coverage in one in-surance policy for a small business with affordable premiums.
Cable modem Cables that transfer television signals are well suited forcarrying other high-frequency signals because of their shielded con-struction. Therefore, cable television companies can add a data sig-nal on their existing cable infrastructure and offer Internet services.A cable modem is able to convert these high-frequency signals intoan actual digital data stream. Internet access via cable TV is especiallyinteresting for households that typically have a cable TV box alreadyinstalled. But Internet via cable is not usually available in commer-cial districts. DSL or dedicated data lines, like T-1, are the preferredoptions.
Casualty insurance Casualty insurance is more commonly known as li-ability insurance. It protects the assets of your business against claimsof negligence or wrongdoing.
Centrex Basically the same as a PBX, but in this case the phone systemis located at the phone company that offers similar functionalityunder the name Centrex.
Commercial auto Commercial automobile is a line of insurance thatcovers company-owned vehicles for both liability and physical dam-age.
Contingency The additional effort to be prepared for unexpected orquickly changing circumstances. Typically a business continuity planis developed with the hope it won’t be put into use. It is importantthat such plans are not just theoretical papers, but actions that canbe executed and tested even in nondisaster situations.
Data recovery Unlike data restored from a backup, data recovery re-fers to the process by which specialists using utility programs and disksoftware tools can “undelete” files that have been deleted acciden-tally or have been lost due to a hardware malfunction or a softwareissue. It is a time-consuming process with an uncertain outcome and
242 Glossary
you should not rely on it. Rely on the restoration from your backupsinstead.
Data restoration The process of restoring data from backup media. Wehave seen many people who made daily backups, but never attemptedto retrieve their stored data. It can indeed become a little tricky ifyou are using backup software with proprietary formats and differ-ent generations of tape drives. We recommend that small businessesuse backup mechanisms that are as simple as possible, such as theuse of an additional hard disk as backup media that contain an ex-act copy of the primary disk from the prior day. Occasionally a backupcan be made from these hard disks in the form of a disk image andstored remotely, such as via a server on the Internet. A disk image isonly proprietary to the file system in use, not to any application.Restoring files should always be done in a temporary space until youcan verify that all data have been restored correctly. Otherwise, youmight overwrite important changes that you or someone else recentlymade to your current file system.
Data safe A special safe made of heavy, fire-resistant, tamper-resistant,magnetically inert materials. Data safes are designed for the safe-keep-ing of computer media, and important to have if you have vital busi-ness information that should be protected and cannot be copied todifferent places.
Deductible The deductible is the amount of losses a company must paybefore its insurance policy pays a benefit.
Dial-up Refers to connecting a device to the Internet via a modem. Mo-dem dial-ups can include security features like call-back.
D&O Director’s and officer’s liability insurance provides coverage inthe event that directors and officers become personally liable for theiractions on behalf of a company they serve.
Disability insurance Disability insurance replaces earned income toworkers who are unable to continue their employment due to injuryor illness.
DMZ Demilitarized zone. A separate sub-network, typically directly at-tached to a firewall that shields off the main corporate network andits systems, but allows external parties from the Internet to gain ac-cess to systems in the DMZ.
Glossary 243
DRP See Business continuity plan (BCP) above.
DSL Digital subscriber line. DSL uses a high-frequency signal that is su-perimposed on the analog, lower frequency, voice signal. While regu-lar analog modems use only the voice signal, DSL modems use thehigher frequency, and can therefore transfer data at a much higherrate. For a phone wire to be able to carry a high-frequency signal, itmust be in top working condition, and not more than one mile inlength. There are various modifications of DSL. SDSL supports asymmetric data flow, which means that the ingoing and outgoingbandwidth is the same. ADSL has a much higher downloading band-width and is therefore especially suited for web browsing. DSL usu-ally does not come with guaranteed uptime, and thus is generally lessreliable than a real data connection, such as a T-1 circuit. Also, DSLdata traffic is typically handed over through many parties until it fi-nally reaches an Internet backbone connection; thus, network latencycan be an issue on DSL lines.
Employee practices liability Insurance for companies that provides pro-tection in the event of employment-related lawsuits, such as claimsof wrongful termination, sexual harassment, and so forth.
Encryption Data encryption is a means of scrambling the data so thatit can only be read by a person who has a “key,” such as a password.Without it, the cipher cannot be broken and the data remain secure.Often, the public key method is used. It uses a public key known toeveryone and a private or secret key known only to the recipient ofthe message. When Donna wants to send a secure message to Stefan,Donna uses Stefan’s public key from his website to encrypt the mes-sage. Stefan then has to use a private key that belongs to the publickey. Only with the private key is it possible to decrypt the message.The beauty of the solution is that anyone can send confidentialmessages to the receiving end, without having to communicate firstwith that person. This method is also often called asymmetric encryp-tion because it uses two keys instead of one. Symmetric encryptionthus uses only one key that both parties need to know in advance,which implies a higher security risk.
Endorsement An endorsement is a written provision that modifies aninsurance policy. An endorsement may add coverage for a specificperil, exclude coverage for a specific peril, or specify under which
244 Glossary
conditions losses arising from a specific peril will be covered underthe terms of the policy.
Ethernet A network technology that enables data to travel at 10, 100,or 1,000 megabits per second. It requires Ethernet cards on each con-necting device. So-called CAT5(e) cables are used when wiring anoffice using 10 Base-T Ethernet running on twisted pair cables. Patchcables are used to connect the cables from the office connectionplugs to the network components. Patch cables look like phonecables but they are typically thicker and the modular RJ-45 plugs atthe end are slightly larger.
Excess and surplus lines Insurance underwritten by insurance compa-nies that are not licensed to do business in the policyholder’s state.
Fallback procedures Fallback procedures are particular business pro-cedures and measures, undertaken when events have triggered theexecution of either a business continuity plan or a contingency plan.
FEMA Federal Emergency Management Agency, an agency of the U.S.federal government that provides assistance to counties that havebeen declared disaster areas by the President.
Firewall A system designed to prevent unauthorized access to or froma private network. Firewalls can be implemented in both hardwareand software, or a combination of both. We recommend stand-aloneunits as firewalls, or solutions that are incorporated into network com-ponents, like routers, to have created the least dependency from amore complex system, like a PC. Firewalls are frequently used toprevent unauthorized Internet users from accessing private networksconnected to the Internet, especially intranets. All messages enter-ing or leaving the intranet pass through the firewall, which examineseach message and blocks those that do not meet the specified secu-rity criteria. You can also have a keyword block on it, preventingchildren from accessing adult material.
HA High availability. Availability refers to the guarantee that is giventhat a particular system and the data on it are available for use whenneeded. Today, many systems require HA setups. Think about e-mailand web servers. Those systems should be located at data centers thatcan provide the required support. Sometimes HA also refers to asystem that is available at just one particular time during each day.In general, however, HA refers to full 24/7 uptime guarantee.
Glossary 245
Hacker An individual whose primary aim is to penetrate the securitydefenses of sophisticated computer systems. “Benign hackers” arerelatively rare. Most unauthorized access can be traced with intrusiondetection systems.
IDS An intrusion detection system inspects all inbound and outboundnetwork activity and identifies suspicious patterns that may indicatea network or system attack from someone attempting to break intoor compromise a system.
Insured A person or corporation entitled to receive benefits under theterms of an insurance policy. The named insured refers to the poli-cyholder.
Internet A global network connecting millions of computers, createdas ARPANET in 1969 by the U.S. Army, to be a “self-healing” com-munications network in the event of a serious attack on the UnitedStates. That makes it valuable for disaster recovery purposes. Evenduring the September 11, 2001, World Trade Center attack, althoughcountless communication lines were severed, the Internet in Man-hattan was completely functional. The Internet evolved from thisoriginal network and is now controlled by regular businesses thatprovide the fast backbone communication lines. Over 100 countriesare directly connected to this network, which is decentralized bydesign. Each Internet computer, called a host, is independent. Itsoperators can choose which Internet services to use and which ser-vices to make available to the global Internet community. You use anISP to connect to the Internet.
ISDN Integrated services digital network, an international communi-cations standard for sending voice, video, and data over digital tele-phone lines or normal telephone wires. The 64-kbps data line is thebase connection for all telephone and data communication lines.When you order ISDN service, you typically get two of these lines,both running over the same telephone wire, allowing you to accessthe Internet at 128 kbps. Or you can use one line for voice and theother for data. You need to have an ISP that accepts connections viaISDN. ISDN is still a good solution in areas where DSL or cable TVmodems are not yet available and high-bandwidth data lines are toocostly.
ISP Internet service provider, a company that provides access to the
246 Glossary
Internet. For a monthly fee, the ISP provides you with dial-up or afast modem configuration, software that configures your system, anda username and password for authentication purposes. The ISP alsotypically provides you with an e-mail address and often access to yourpersonal web service. We strongly recommend not using either ofthem. If your ISP service fails in a disaster, or you simply want tochange your ISP, you are out of luck, because these services are typi-cally only accessible when connected through that particular ISP.
Key person insurance Key person insurance pays a benefit on the eventof death or incapacitation of an owner or “key” employee of a busi-ness.
Latency The time it takes for a theoretical zero-length data packet tomove from source to destination across a network connection. Whilea packet is being sent, there is “latent” time, where the sending com-puter waits for a confirmation that the packet has been received.Latency and, for large data packages, network bandwidth are the twofactors that determine your connection speed.
LCD Liquid-crystal display. LCDs are thin and flat displays that are usedin a variety of products, from small portable devices, laptop computerscreens, to desktop displays. LCDs use much less power than tubemonitors, and can therefore extend the time a system can run onbatteries. It has a lifetime about twice that of a regular monitor andthus fails less frequently.
Leased line An “always-on” network connection between two points setup by a phone company. It can transfer both voice and data signals.Such connections are used by large companies to connect theirworldwide offices, and allow them to make phone calls and exchangedata within the company at a fixed price per year depending on therequired bandwidth and the work required at both end locations.Today it is often replaced with a VPN connection over the Internet.However, the Internet does not have a guaranteed bandwidth onwhich you can depend, but leased lines do. If you live in a majormetropolitan area, you can often get leased lines between two officeswithin the city at attractive prices.
Liquidity Liquidity refers to ready availability of cash and cash equiva-lents. A company that has ready access to cash, for example, is liq-uid. A company that has little cash and must sell assets, such as real
Glossary 247
estate, to generate cash is said to be illiquid. In recovering from adisaster, a liquid business is at an advantage because it does not haveto sell illiquid assets to generate cash to cover disaster-related ex-penses.
Linux Linux (<lee-nuks>) is an operating system developed by LinusTorvalds, whose source code was freely distributed, and many peoplecontributed to it. While initially an operating system for computerenthusiasts, it is now widely accepted as a cost-effective substitute forother operating systems, especially for server platforms. Today, youcan buy IBM servers with Linux preinstalled, unthinkable 10 yearsago. Linux runs on a wide variety of processors from different manu-facturers, such as Intel and Motorola.
Media The items that store computer data, either fixed, built-in, or re-movable. Examples are hard disk, diskette, CD, ZIP, magnetic tapes,and so on. Each of these has its own community of fans, so you willfind varied opinions on when to use which media. For data backupsyou should note that CDs have the longest storage time of up to 100years for archival CDs. Consumer CDs last about 30 years.
Mirroring When you mirror data, you write the same data to two ormore devices at the same time. You need this additional resiliencemany times for disaster preparedness. You can do this manually, oryou can use RAID systems that automate the mirroring process.
Modem Stands for modulator-demodulator. It allows the transfer of digi-tal data over regular analog telephone lines. Modems are rather slow,but offer the advantage that phone lines are maintained by the phonecompanies with high priority in case of disasters, and modems workvirtually anywhere in this country and around the world. Transferringdata at high modem speeds (e.g., 56 kbps) requires a high-qualityconnection.
Monoline policy A monoline insurance policy provides a single line ofinsurance, such as liability or automobile insurance.
Murphy’s Law The original Murphy’s Law reads: “If there are two ormore ways to do something and one of those ways can result in acatastrophe, then someone will do it.” The term originated with E.A.Murphy, Jr., who was working for the U.S. Air Force in 1949 and madethis statement with regard to an experiment that he was working on
248 Glossary
when many unlikely failures occurred until he finally succeeded. Theterm “Murphy’s Law” spread quickly within the aerospace commu-nity and is today often used to highlight the possibility that an un-likely event can occur.
Network A network is two or more connected computers that are ableto exchange data. Typically, you will connect today’s computers via100-mbps Ethernet cables.
NFIP National Flood Insurance Program. Insurance coverage for floodsprovided by the Federal Emergency Management Agency.
Nonowned automobile coverage An insurance policy that covers the li-ability of a business for any damage caused when employees of thecompany use their personal automobiles for business purposes.
OEM Original equipment manufacturer. Many PC sellers buy the sameOEM products, but build them into different housings labeled withtheir own brand name. Therefore, it does not really matter if youprefer buying PCs from Dell, HP, Gateway, Compaq, or other brands.Inside the box, they are very much the same. Your choice of the PCsupplier should depend on your individual needs, such as for tech-nical support or specific usage requirements.
PABX/PBX Commonly called a phone system, but the abbreviationstands for private automated branch exchange. It is a unit that allowsyou to make internal phone calls and share your actual phone linesamong various employees. If you have one, you need to think abouta UPS unit to ensure that some basic functionality will be available ifyou have an electrical power outage.
Package policy A package policy combines two or more monoline in-surance policies to cover two or more lines of insurance for a singlepolicyholder.
Partition Before you format your hard drive, you need to decide in howmany logical sections you want to divide it. This is important for per-formance reasons, and you might have different file systems on dif-ferent partitions. Each partition shows up as a separate logical diskdrive.
Peril A peril is a cause of loss, such as fire or earthquake.
Physical security You need to have these protection measures in place
Glossary 249
that will safeguard your assets in case you have to evacuate your build-ing, and you are not certain when you are able to return, and whowill have access to your files. There are various forms of equipmentthat protect your assets against fires, tampering, theft, or vandalism.
Policyholder The person or business whose name appears on the in-surance policy.
Premium The payment a company makes to obtain insurance coveragefor certain risks.
Property insurance Property insurance protects the physical assets ofa business against the risk of fire, theft, and other perils.
Professional liability insurance Professional liability insurance providescoverage against claims of malpractice or negligence brought againstprofessionals, such as physicians, engineers, lawyers, or architects, asthey render their professional services.
RAID Redundant array of independent disks. RAID allows you to storeyour data automatically over various physical hard disks. Logically,however, these disks will only appear as one drive to the user. RAIDsystems can be used for performance enhancements, but they aretypically used to protect data from hard disk failures. If a hard diskfails, you can simply exchange it, and your RAID system will rebuildthe data on that hard drive with the information from the other disks.They have been in use for a long time by data centers, but in the pastcouple of years, low-cost PC cards have been introduced that allowyou to have your own inexpensive RAID system in your PC.
RAM Random access memory. The memory of the computer that holdstemporary data accessible at high speeds. You want to have sufficientRAM for your particular use of your PC for optimal performance. Toolittle RAM, and your computer is really slow because it has to writeand read data from the hard disk. When buying a computer, it isgenerally a good idea to double or triple the RAM that is offered inits original configuration.
Recovery The process by which utility programs and disk software toolscan “undelete” files that have been deleted accidentally or have beenlost due to a hardware or software issue. It is a time-consuming pro-cess with an uncertain outcome, and you should not rely on it. Relyon your backups instead.
250 Glossary
Resilience Resilience refers to the ability of a system to withstand ad-verse conditions and remain stable.
Restore We have seen many people who made daily backups, but neverattempted to retrieve their stored data. It can indeed be a little trickyif you are using complex backup software, or certain tape drives.Therefore, we recommend that small businesses use hard disks asbackup media that hold an exact copy of the original disk. Occasion-ally, a backup can be made from those hard disks in the form of adisk image that does not use a proprietary format. Restoring filesshould always occur in a temporary space first, until you can checkthat all data have been correctly restored. Otherwise, you might over-write important changes that you recently made to your original filesystem.
Rider A document referenced in the insurance policy that amends theoriginal policy.
Router A device that determines if data on the network are intendedfor an outside network, such as the Internet, and therefore passedon to it. You can use routers for access control, auditing, and keep-ing statistics on your network traffic. Consumer and small businessunits most often include firewall functionality.
Server A computer that shares the information stored on it with othercomputers in the network. There are many types of servers, such asmail servers, web servers, and so forth. Most of them belong in a pro-fessionally managed computer center. In most instances, a smallbusiness needs only a file server on which to back up data. Whenbuying a server, the price of a server configuration is usually justifiedcompared with a desktop PC. Servers often use dual processors, high-bandwidth bus systems, and fast hard disks.
Shareware Shareware refers to programs that are free to download fromthe Internet and that usually come with an evaluation period of about30 days. After that time, if you like the program and would like tocontinue to use it, you can purchase the full version often directlyover the Internet. Choose and try as many programs as you like, andthen decide which one works best for you. Shareware programs areusually best when you look for small system utilities, such as file syn-chronization tools. You may wish to look at www.tucows.com orwww.shareware.com.
Glossary 251
Special form coverage An insurance program that provides basic andbroad form coverages and other losses that are not specifically ex-cluded from the policy.
Software inventory A detailed list of all software licensed to the orga-nization, cataloging the license numbers, program name, version/release number, cost, locations of installation, and the employeesauthorized to use this software. The software inventory should be partof a large asset control mechanism. You will need the software inven-tory for auditing purposes and to claim insurance benefits in theevent of disaster.
Stability A computer that is unreliable because it does not operate ina stable manner is a nightmare for users and system administratorsalike. Computers become unstable for a variety of reasons caused byeither software or hardware. You would see the system simply crash-ing, or freezing, or hanging in an infinite loop. Typically, you haveto restart the system and you lose all the changes that you made ona document since the time you last saved it. It is a good idea to useonly operating systems that are used in large deployments, and in-stall only compatible applications.
Surge suppressor An electrical device that protects electronic equip-ment from surges in electricity. It contains a fast-reacting circuitbreaker, and usually you must replace the whole unit after a surgeevent.
System administrator The individual who manages a computer systemto provide services to users on a day-to-day basis. It is not a good ideato use generic or built-in administrative accounts. You should alwaysuse administrative rights that you assign to user IDs to allow audit-ing of who made which changes.
T-1 A dedicated data line that transfers digital signals at 1.544 mbps. AT-1 line can support about 50 people browsing the Internet, depend-ing on usage, fewer if you are running a busy web server internally.A T-1 connection is about five times the price of a similar DSL con-nection. However, the greater stability and reliability justifies the extraexpense. In rural areas, T-1 lines are assessed surcharges accordingto the distance to the next data communication center. Often youhave the opportunity to share a T-1 line with several businesses
252 Glossary
around you, called fractional T-1 access, something that might be acost-effective solution for your small business.
T-3 A T-3 is about 30 times faster than a T-1 line and supports a datatransfer rate of about 44 mbps and bundles 672 individual data chan-nels at 64 kbps each. Large companies and Internet backbone pro-viders use these lines.
Tape drive Tape drives are primarily used for backing up data. The driveacts like a tape recorder, reading data from the computer and writ-ing it onto the tape. Since tape drives have to scan through lots oftape just to read small amounts of randomly scattered data, they areslow for retrieving specific data. This is why they are used almostexclusively for data backup. However, reasonably fast tape drive de-vices are fairly expensive, so a tape drive makes sense only if you arestoring hundreds of gigabytes of data.
Umbrella policy An umbrella policy provides excess liability protectionto a business and pays a benefit to the insured only when the limitsof the basic, underlying insurance policy are exhausted.
Unauthorized An insurance company not licensed in a state or jurisdic-tion is an “unauthorized” or “unlicensed” or “nonadmitted” insurer.
UNIX The UNIX operating system was created in the 1960s at BellLaboratories. It became popular in the 1980s for scientific comput-ing. Since Internet hosting is often done on UNIX machines, theplatform gained popularity in the 1990s. There are a variety of UNIXderivative operating systems available. They all are known for theirexcellent performance and stability.
UPS Uninterruptible power supply. You should have at least one UPSunit that ensures that a critical piece of hardware has continuouspower during a power outage. The UPS unit will initiate an orderlyshutdown of the hardware shortly before its battery is depleted.
Version control Version control has been used for software developersfor decades. Now it is also often used in companies to include ver-sion control of documents written by a group of people. The advan-tage is that you can always roll back to an earlier document statebecause version control systems store the changes that you made toa base document. From time to time, you want to rebuild the basedocument to incorporate all changes to date and to reconcile con-
Glossary 253
flicting changes that might have been made independently by twoor more work groups.
Voice mailbox It works like an answering machine, but the message isdigitally recorded by a third party and sent to your e-mail address viathe Internet. It is essential that you have at least two such services inplace so that you can listen to your messages from any Internet ter-minal, even if your office has been destroyed in a fire, for example.
VPN Virtual private network. It is an emulation of a private networkover the Internet using sophisticated authentication and encryptionmethods combined with a “tunneling” network protocol.
Workers’ compensation Workers’ compensation provides a benefit toworkers who have experienced a job-related accident or illness. Theinsurance pays for medical costs and disability income to the injuredworkers as well as death benefits to the dependents of a worker whosedeath was job-related.
ZIP In the context of this book we use the term “ZIP” to refer to a prod-uct from Iomega. The company makes a removable storage devicecalled a Zip drive. It holds 100- and 250-MB Zip disks, and has a widedistribution. Zip drives are less frequently used for backup, but areoften for transferring large files or to keep data stored at a securelocation when not in use.
255
INDEX
A
Agent, 87All-risk policies
definition, 76misnomer, 180
American Express, xviiiAmerican Red Cross
counseling assistance, 128–129data on small business recovery,
xxiiisafety resources, 9training courses, 211–12
Anthraxdefinition, 17exposure routes, 17–18symptoms of exposure, 18
Aon Corporation, xviiiApple Computers, 44Arbitration, 158–159Assessment process, 11
B
Bank of New York, xxiiBasic contingency, 192Basic form coverage, 76Boiler and machinery insurance, 135Broad form coverage, 76Broker, 87Business assets
definition, 5inventory, 75
Business interruption insurancedefinition, 85–86endorsement, 85
lessons, 174–180securing coverage, 157–163
Business owner’s policy, 74
C
Cables, 100Catastrophe, 108Cellular phones, 53–54Centers for Disease Control (CDC),
19Cipro®, 19Compaq, 44Consultant, 87Corporate Response Group, xxvCredit bureaus, 21–22Critical functionality, 38
D
Dell, 44Demilitarized zone, 69Dianne Sawyer, 60Director’s and officer’s liability
(D&O) insurance, 82–83Disaster
definition, xxiiifrequency, 1major disasters, 228–232relief programs, 119–131supplies kit, 225unemployment assistance, 128
Documentsclassification, 62–63version control, 98–99
Dow Jones, xix
256 Index
E
Earthquakes, 220–222Economic Injury Disaster Loans,
122–128Economics of the insurance cycle,
164–172Emotional responses, 182–190Employee displacement, 118–119Environmental hazards
definition, 7preparation for, 59–64queries, 30recovery from, 148–149response to, 102–103
Equifax, 22Equipment failures
data backups to prevent, 39–42definition, 6equipment failures, 29equipment quality, 44–48Network reliability, 43–44preparation for, 35–38recovery from, 144–146response to, 99–101
Excess and surplus lines, 89
F
Federal Emergency ManagementAgency (FEMA)
declaration of disaster, 118–120notification, 9
Federal National Mortgage Agency(Fannie Mae), 120
File synchronization tool, 35–36Fires
definition, 7evacuation procedure, 214–215preparation for, 64–68queries, 30recovery from, 149response to, 103
safety practices, 215–216Firewall, 69–70Floods, 216–217Foreclosure, 120Foreign Corrupt Practices Act of
1977, 2FreeBSD, 35
G
Gateway, 44
H
Hacker attacksprotection against, 68–70
Hard diskreplacement warranty, 42
Heat waves, 218–220Hewlett-Packard (HP), 44High-availability (HA)
configuration, 37Hired automobile coverage, 81Home officeinsurance, 81IT setup, 194–199Housing and Urban Development
(HUD), 130Human Errors
data backups, 33–36definition, 5preparation for, 31–32queries, 29recovery from, 143–144response to, 98–99user training to reduce,
32–33Hurricanes, 217–218
I
Important functionality, 38Information technology
assets, 15disaster-related losses,
Index 257
xviii-xxiinspection of, 109sample solutions, 191–208
Info-stress, 19Institute for the Future, 19IBM, 44Implicated policies, 113–115Individual and Family Grant
Program, 124Internet Service Provider (ISP), 49–
52ISDN, 57
J
J.P. Morgan Chase Manhattan, xxiiJohnson & Johnson, xxiiiJustGive, xiii
K
Key person insurance, 83
L
LCD display, 46Leasehold insurance, 181Liquidity management, 155–156Linux, 35, 40Loss mitigation, 104–106
M
Mailhandling procedures, 16–26mailing lists, 21mail preference services, 20postal meters, 22x-ray screening and, 25
May Davis Group, xix, xxiMean-time-before-failure (MTBF), 45Military Reservist Economic Injury
Disaster Loan, 125Mold, 7
Morgan Stanley, xixMurphy’s Law, 57–58
N
National Association of WomenBusiness Owners (NAWBO),88–89
National Federation of IndependentBusiness (NFIB), 88–89
National Flood Insurance Program,89
Negligence, 79Network administrator, 71New York City Partnership, xviiNew York Property Insurance
Underwriting Association, 90Non-owned automobile coverage,
80–81Nonprofit sector, xxivNotice, 104–107
O
Occupational Safety and HealthAgency (OSHA), 9
Oppenheimer Funds, xxOptional functionality, 39Original equipment manufacturer
(OEM), 47
P
Passworduser accounts, 63–64security, 71
Pentium chip, 46Perils
definition, 75endorsements, 76
PowerPC chip, 46Property-casualty insurance
definition, 76, 79endorsements to, 76
Property restoration, 190
258 Index
R
Reconstructing insurance policies,115–118
Redundant array of inexpensivedisks (RAID)
alternative methods, 41configuration, 40mirroring functionality, 40–41
Remote operationsstage one, 60–62stage two, 67–68
Replacement cost, 78Resolving insurance disputes, 151–
157Resources, 233–238Restricted access documents, 63Risk management, 90–92Robust contingency, 192
S
Sabotagedefinition, 8queries, 30recovery from, 150response to, 103
Securing coverage, 110–113Securities and Exchange
Commission (SEC), xxiService Corps of Retired Executives
(SCORE), 87–88Small Business Administration
disaster criteria, 121Economic Injury Disaster Loans,
122–128employment capacity, xxiiIndividual and Family Grant
Program, 124lending criteria, 126–128Military Reservist Economic Injury
Disaster Loan Program, 125regional offices, 123–124
Social Security Administration, 114Space shuttle, 37
Stakeholder communication, 131–134
Standard market, 89Strand Bookstore, 52Sun Microsystems, 44Supply chains, xxiiSystem partition
backup, 41System security
document retrieval, 62–64
T
T–1 circuit, 58Terrorism
definition, 8queries, 30recovery from, 150response to, 103
Third-Party Failuresdefinition, 6electrical power, 55–56preparation for, 49–52queries, 30recovery from, 146–148response to, 102telephone service, 52–54
Thunderstorms, 223–224Time deposits, 125Tornadoes, 222–223Trans Union, 22Triggering event, 159Trojan horse, 70TRW, 22Tylenol®, xxiii
U
Unemployment assistance, 128UNIX operating system, 35, 40, 48Uninterruptible power supply unit
(UPS), 56U.S. Food and Drug Administration
(FDA), 18User Training, 32–33
Index 259
V
Version control system, 98–99Virtual Private Network (VPN),
62Voice mail, 54
W
Windows 2000suitability, 35robustness, 48VPN functionality, 62
Windows XPsuitability, 35
robustness, 48VPN functionality, 62
Workers’ compensation insurancedefinition, 81reducing costs, 82
World Trade Centerattacks on, xveconomic losses following
terrorist attacks, xviismall businesses and, 12
