Disaster management and crisis recovery are ugly topics, but in the
post-9/11 world, not-dealing with them is not an option.
disclosure, as they say in journalism circles, before they typically
disclose something utterly trivial and profoundly beside the point: I
was a securities lawyer with a large investment bank/broker-dealer
for nearly 10 years whose offices were primarily in the South Tower
of the WTC; although I had left the firm before 9/11, on that day I
lost one abnormally courageous and far-sighted friend, who had predicted
another attack (I was there for the first one in 1993), the firm’s
head of security, an Aussie and a Vietnam Vet, and a "bloody-hell"
down to earth fellow. His fatal mistake? He stayed behind
to make sure everyone was getting out. For the record, the firm
lost only two other people.]
On to the topic at hand, then: We have moved from the era of
"disaster recovery" to the era of "business continuity." In
other words, it’s not whether your critical files are backed up, it’s
whether your firm can continue to function and serve its clients. This
is a more complex endeavor. Why is this important? The
obvious reasons are:
- Moral: You have a duty to your partners, employees, and clients;
- Physical: Your firm is entrusted not just with data but with
confidences, with plans, with, if you’re good, dreams–safeguard
these; and - Conceptual: Senior management has, as part of their mandate,
an obligation to undertake a serious examination of "risk management,"
and today that includes, alas, terrorism.
Perhaps the most astute insight from this
article about these issues
is this question: How will senior management think on their feet
in the face of a huge, and by hypothesis unforeseen, disruption to
the business? If the instinct is to adopt "business as usual"
mind-sets, patterns of behavior, and methods of communication, the
disaster will be amplified. The more unfamiliar and threatening
the reality, the more our instincts drive us to take comfort in the
familiar.
Resist the impulse.