Pandemic Planning as Part of Business Continuity Planning
Pandemic Planning and BCP - The average company that spends about 1.5% (varies by industry) of its revenue on IT. Personnel expenses account for the largest segment of the IT operational budget. Considering both employees (43%) and outside contractors (7%), the average cost of personnel in the IT operational budget is about 50% according to Computer Economics. The majority of the IT staff spends approximately 80% of their time on:
- Application maintenance and support
- QA and testing
- Application development and migration
- Technical and database support
- Helpdesk support
The remaining time is spent primarily on desktop, network and security support. Moreover, the average IT operational budget for application software is about 14.5%. 70% of the average application software budget is spent on application maintenance and support, while about 30% of the application budget is spent on new development.
In Business Continuity and Disaster Recovery Planning when a pandemic occurs the processing centers many exist, however staffing may not be available.
The Disaster Planning and Business Continuity Planning processes need to make the user and business operating experience as similar as possible so that the work environment is the same in the remote site (often home) as in the office. A key requirement is to increase remote access capabilities and to:
- Define necessary staff levels for critical business processes
- Identify who can work remotely and who has to be in the office
- Validation of vaccinations for key staff members
- Identify the lights out processing issues for computer operations staff
- Identify the network and remote access capacity requirements - what percent of workers do you need to be on the system for the enterprise to continue to operate
- Train and test of users and IT staffs in how to operate from remote locations
Require key employees to work from remote site at least once a month
- Validate broadband capacity to remote sites (home users)
- Have copies of disaster plan available in remote site
- Put in place process for the synchronization of OS system patches and VPN updates - if the workstations are not used frequently disable the auto update features for security updates but maintain a process to see that they workstations are up-to-date.
- Define specific requirements for security and PCI-DSS when the disaster plan is activated for a pandemic.
- Define change management and version control processes to be used and how they will be controlled during the pandemic.
Security Risks Magnified With Staff Reductions
The question of what to do with unused IT equipment is a rapidly growing security problem for many companies hit by the recession and the accompanying layoffs. Countless desktops, laptops, servers and hand-held devices are lying around -- often with sensitive data on them -- gathering dust in cubicles, in stockrooms or on vacant desks. At the same time, software licenses, notoriously easy to lose track of, are also piling up. Many IT functions are under funded as enterprises drive for improved productivity and expense reductions. Decisions are made on in a spirit of making do. For example, Since no one is using the abandoned offices and equipment there is no risk...
When an organization is in survival mode, resources are being husbanded and everyone's working flat out, it takes a strength and leadership to say "no, not good enough" to something that is apparently working well. It is also difficult to justify more spending with no direct effect on revenues, and to demonstrate that something that seems optional is in fact required.
Responsibility for security and disaster recovery planning cannot be abdicated. It is hard enough for an organization to recover from a serious security breach at the best of times. These are not the best of times. Argued from the context of minimizing risk, the value of doing it right is clear. Make sure you're equipped to win that argument.
In many enterprises, CIOs are perceived as mere technology managers, while in reality they should be viewed as business leaders. The CIO's focus should be on reducing costs and improving profitability through the strategic usage of IT. It is very important for the Information Technology organization to get out of a transactional mode. If the CIO has the right infrastructure in place, then the CIO can help in directing the strategy of the enterprise, and even shape its destiny. The CIO brings his own perspective, and without them, enterprises cannot build a robust
The CIO Infrastructure Tool Kit is comprised of a collection of Janco products that CIOs and Directors' of IT can use to create a strategy and manage in today's interesting times.
Many CIOs are looking for ways to reduce expenses -- some eliminate staff others look for areas where usage costs can be reduced. Areas where many successful CIO focus are:
- Reducing power/cooling costs - IDC, the research firm, estimates that for every $1.00 spent on new servers today, an additional $0.50 is spent on power and cooling. In 2010, that ratio is expected to be $0.70 per $1.00 spent for new servers. Begin by turning off servers not being used and replacing older high power consumers and high heat producers with newer more efficient ones.
- Reducing complexity - Consolidate multiple operating systems onto fewer servers. This will reduce operational risk and operational costs that are linked to managing so many servers. Clustering will benefit by having the option of "failing over" workloads to virtual servers, reducing the operational costs of deploying standby physical server machines that run in a "passive" mode rather than an "active" mode. Taken together, these approaches improve the responsiveness of IT systems and of the people who access them across the business, ensuring high levels of availability, reducing business risk, and operating expenses.
- Improving the management of physical and virtual servers - Reducing the total number of systems simplifies IT operations and affects IT staffing requirements. Importantly, downtime is impacted by having fewer individual points of management.
- Going Green - The process of IT transformation brings the opportunity to change the IT infrastructure, supporting "go green" initiatives by reallocating workloads to the sets of server and storage devices on which they can run most efficiently and reducing total server footprints through workload consolidation.