Houston Business Journal - March 17, 2006
by Dave Ferdman - Special to Houston Business Journal

The year 2005 slammed the Gulf Coast with the most destructive hurricane season in history and the region's information technology infrastructure felt the sting.

Although 2005 is now history, the oil industry can't just breathe a sigh of relief. For 2006, weather experts predict 17 named tropical storms, nine hurricanes and five major hurricanes. Disaster planning for Houston energy companies, including their valuable IT assets, should remain a high priority.

Strategically, several critical lessons emerged from the storm season, which apply to all segments of the oil industry from upstream to downstream and especially for seismic with its huge quantities of data:

Understand the stakes. For a company's valuable data and functional applications, the whole is greater than the sum of the parts; the IT infrastructure keeps it up and running.

What happens when that infrastructure is unavailable or inaccessible differs with every enterprise, but many IT leaders discovered during the 2005 hurricane season that simply knowing downtime cost is the first step.

Having a method of calculating the specific cost of IT application, Internet and network downtime is important. It's the only way of knowing whether management is truly investing in protecting a company's operation or simply scared into overspending following a major disaster.

Avoid the technology trap. Servers, back-up tapes and generators are tangibles that initially come to mind when disaster recovery and business continuity preparedness are considered. But there are two sides to the coin.

Some companies have the technology covered -- the financial systems, customer relationship management, file servers. But not so with the people side. Instead, various scenarios exist that would prohibit employees from being productive. These include access to the building, power to the building, elevators to offices, lack of communications.

It's important to make alternative arrangements for these employees in advance. When Rita loomed in 2005, for companies that were prepared, there was local hardened offsite office space in place, right down to fresh coffee for their critical personnel.

Outside of human and technical infrastructure, IT leaders must also remember that disasters affect HR availability and reliability. Assign critical roles to employees comfortable with being away from their families or make arrangements for families of critical staffers' safety in advance.

Stay on top of the game. It's the chief information officer's role to keep the momentum of contingency support going all year long, and executive management must be kept informed. Armed with hard numbers, potential risks and a solid case for why executives should care, they will have the awareness that is critical for getting the resources to succeed.

Another unfortunate trend brought forth by the storm was a sudden realization that many business continuity and disaster recovery plans were out-of-date. These plans have to live, breathe and grow over time.

Move sooner, not later. "We had just finished negotiations to outsource when Rita hit. So, five days prior to landfall, I had to come up with a contingency plan which involved transferring 10 people to our London office," recalls an energy utility manager. "Getting data to the London office was hard. Fortunately, we were in full disaster recovery mode, and Houston didn't get hit the way everyone thought it would."

With the offsite data center and new business continuity plan in place, both power redundancy and the difficulty of getting data to the London location were ameliorated.

Put processes on paper. Before deployment of a business continuity or disaster recovery plan is required, have processes in place for all fundamental infrastructure, back-office and communication needs.

Many energy companies may not have to start from scratch. In 2005, some companies were more prepared than others because of compliance demands. Some of those processes can be used as a template, though it's by no means comprehensive.

Although a disaster recovery plan is not technically a mandatory part of Sarbanes-Oxley Act regulation, it is a practical component of sound IT stewardship.

Dave Ferdman is CEO of CyrusOne (www.cyrusone .com), a full-service data center specializing in IT infrastructure outsourcing.

This article was originally published online at The Houston Business Journal

All contents of this site © American City Business Journals Inc. All rights reserved.