It’s a pretty safe bet that a lot of organizations in the Northeast are bulking up their business continuity plans (BCP) right now. That’s because many of them were left in the rubble following Superstorm Sandy, and experience is often the best teacher. If your organization escaped that disaster, you should let the experiences of those that got hit be lesson enough for you. Don’t wait until it’s too late; the whole point of a BCP and an information systems contingency plan (ISCP) is to be prepared before catastrophe strikes.Unfortunately, we’re all adept at postponing planning. Let’s face it: ISCPs are not cheap, sexy or fun, and often they aren’t even used after time, money and effort have been spent developing them. And we tend to think that a business-crippling disaster just isn’t likely. The odds are indeed low. Category 5 hurricanes like Andrew (South Florida, 1992) are relatively rare, and the chances of one hitting New York are extremely slim. That’s one reason why Sandy is so instructive. Compare it to Katrina (Gulf Coast, 2005), which trumped Sandy in many ways. A Category 3 storm when it went ashore, Katrina caused damage that was assessed at $120 billion and led to 1,836 deaths. Sandy was barely a Category 1 when it hit the coast, and it caused $30 billion to $60 billion in damage and resulted in 109 deaths. But Sandy had a much bigger impact on business. The three states most affected by Sandy are home to 85 Fortune 500 headquarters, compared with 20 in the area affected by Katrina. Sandy’s power outages affected 8.4 million people (and thousands of businesses), whereas Katrina left 1.7 million people without power. And Sandy’s impact was felt throughout the world economy when it forced the closure of the New York Stock Exchange and many U.S. government offices. In other words, a storm doesn’t have to be a record-breaker in terms of strength to cause tremendous havoc. And businesses located along the coast aren’t the only ones at risk. There are all kinds of disasters, including earthquakes, tornados, wildfires, tsunamis and blizzards.I’ve heard people argue that ISCPs don’t increase revenue, cut costs or create new services. That’s true, but they can help to avoid costs and prevent devastating drops in revenue. And creating an ISCP identifies potential vulnerabilities, whose elimination strengthens IT robustness. What’s more, an ISCP can help with compliance. Increasingly, professional organizations and federal guidelines strongly encourage or mandate BCPs. For example, the National Association of Securities Dealers requires the creation and maintenance of a BCP. Sarbanes-Oxley Section 404 requires management to establish and maintain “adequate internal control over financial reporting.” The inability to recover after full or partial outages could be considered noncompliance.An effective ISCP project has four phases. First, fund it. Second, create a comprehensive ISCP. (NIST provides an excellent model.) Third, test it regularly to verify the integrity of planned operations and to ensure that employees understand their responsibilities. Fourth, update the ISCP periodically, to reflect infrastructure changes and add support for new services, such as BYOD, mobile access and big data. Beyond that, examine existing ISCPs to find holes in coverage. And don’t forget supplier exposure!With Sandy fresh in mind, take advantage of management’s increased awareness of the threat of natural disasters. But act quickly; memories will fade. Develop an ISCP before this window closes. Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners, which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com. Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news Microsoft begins to phase out ‘classic’ Teams Microsoft is encouraging Teams customers to move to the new, faster version of the collaboration app; the older version will be switched off next year. By Matthew Finnegan May 03, 2024 3 mins Microsoft Teams Collaboration Software Productivity Software news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Udacity offers laid-off US workers free access to its courses for 30 days Sign-ups will be available over the next 30 days By Lucas Mearian May 02, 2024 4 mins Technology Industry IT Jobs IT Skills Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe