Cost Effective Business Continuity


David Stephenson writes a blog on Homeland Security. I met him when I was CIO for Utah. H recently published a story on the ten homeland security technologies to watch in 2005. But what caught my eye was his criteria for judging homeland security technologies.

  1. Also having day-in-day-out applications so that they will both be familiar in an emergency (i.e., not requiring users to have to learn something new when they're already stressed) and will have economic and/or social benefits so their purchase and deployment are more easily justified.
  2. Decentralized, so they are less likely to be rendered inoperative by attacks on a centralized switching facility, etc.
  3. In the hands of the general public, so they leverage technology that is already in use (and, given the inevitable cost and procurement limits of government technology, more current) and that people are likely to have with them when disaster strikes, so they can get up-to-the minute information.
  4. Location-based, so that we can get away from lowest-common denominator evacuation and response plans that are likely to cause their own problems such as traffic jams.
  5. Empower the public, because authorities may themselves be incapacitated and our fate will be in our own hands, and because we may be more likely to listen to trusted friends and/or neighbors than distant authorities.
  6. Two-way, so that the general public and/or responders who may be the first to come upon an emerging problem can feed information back to authorities.
  7. Redundant, because various technologies have distinctive strengths and liabilities that may render them unusable, or, make them crucial fall-back options.
  8. Allow dissemination of information in advance so they can be quickly activated and/or customized in an emergency (instead of requiring massive data-dumps in the midst of a crisis).
  9. IP based, because packet-based information will require less bandwidth in a situation where conserving it is crucial.
  10. Foster collaboration, because multiple agencies and jurisdictions may be involved and will need to share information from a wide range of sources on a real-time basis.

With only a few word changes, this is also a great set of criteria for judging any technology you put in place for business continuity.

The point about having day-to-day uses is crucial. If you can't do that, then you probably ought to outsource that function to a specialist who makes it there business to test it. A good example is back-up diesel generators. Just putting one in might make you feel better, but you probably ought to have a regular maintenance contract with someone who'll come test it regularly.