Saving the Business with a Contingency Plan

July 6, 2007
How THF Realty survived major power outages and kept the company going

A prolonged power outage like St. Louis experienced multiple times last year is a major inconvenience for homeowners, but it can be lethal to businesses.

The National Archives and Records Administration says 93 percent of companies that lose access to their data for 10 days or more file for bankruptcy within one year.

But companies can develop an emergency preparedness plan that works for them.

An example is THF Realty Inc., a St. Louis-based real estate development and management firm with 85 employees. Risk manager Sabrina Radney explained at a recent Clayton Chamber of Commerce program how the company developed its plan and how it worked last summer.

Thanks to lessons it learned in an earlier outage, THF continued operations when two massive thunderstorms swept through the area last summer, leaving the company without power.

A key component in any business's emergency preparedness plan is protecting the information stored in its computers.

Information technology is at the core of critical business processes, making a contingency plan essential, said Elizabeth Niedringhaus, president of SSE Inc., a St. Louis company that develops courseware and data software, designs networks for companies and offers technology services to businesses.

"THF Realty's experience in last year's power outage is similar to what a business could experience with the failure of a critical piece of computer hardware," she said. "You know it will eventually be up and running again, it's just a matter of time."

Although vulnerabilities can be minimized through planning, "it is virtually impossible to eliminate all risks," Niedringhaus said.

"Therefore, effective contingency planning is essential."

Niedringhaus stressed the need to develop a contingency plan listing measures a business must take to recover information technology services after an emergency or system disruption.

"Think about what measures you can take to reduce the effects of disruptions," Niedringhaus said.

That includes backup methods and options, alternate sites, equipment replacement and places to keep copies of software, she said.

"This plan needs to be so specific that someone doesn't have to think in an emergency - they literally just have to follow the directions," she said.

THF weathered the storm by taking a variety of steps, starting with a disaster recovery plan that was developed after an outage in 2005.

"During those few hours in the dark, we realized our disaster recovery plan had not kept pace with our growth," Radney said.

On the technology side, the company moved its server off-site so files and e-mail could be accessed as soon as possible.

It also moved laptops into temporary meeting space where they were configured by the IT team to access the relocated server.

When the power was restored, THF held a celebration to recognize everyone and hand out some awards.

"Through it all, we were able to operate at approximately 70 percent efficiency," Radney said. "We even closed deals."

The disaster recovery team did a post-mortem and tweaked the plan. An Internet messaging system all employees can check periodically for information and updates was added, for example.

But in the end, Radney said, "We were tested and came out stronger and smarter as a team."

Disaster protection

Here are steps businesses can take to safeguard their information.

- Develop a contingency planning policy statement.

- Conduct a business impact analysis.

- Identify preventive controls.

- Develop recovery strategies.

- Develop an information technology contingency plan.

- Plan for testing, training and maintenance.

Source: SSE Inc.