Oct 31, 2012

What lessons can IT take away from Hurricane Sandy?

Many of us on the east coast are still dealing with the aftermath of the storm, and I hope everyone is doing ok. Did you learn anything that might help mitigate problems if there is another massive disruptive event like Sandy?


I would echo the earlier comments.  Take disaster and business continuity planning seriously.  Actually test your back up systems, and make certain that everyone understands their role.  I used to be a pilot, and a large part of training wasn't on how to fly an aircraft, it was how to fly an aircraft when things are going seriously wrong.  Funny enough, I actually had a problem with one engine on a Piper Apache twin, and it was actually easier to deal with in reality than the training.  Preparedness makes big challenges manageable, just as Christopher pointed out. 

It certainly illustrates the need for multiple backups, at the very least. And it also highlights the need to plan ahead. Way, way ahead. I am hoping that this last hurricane gets a lot of IT folks to sit down and totally reevaluate their plans for disasters. It's probably a good idea to go through the entire thing and make sure it's up to date, and that includes planning for a disaster the size of Sandy.

I don't run an IT department, but the obvious main lesson is that it's crucial to make disaster preparation a priority before a disaster. Otherwise disaster recovery is likely to be haphazard and ineffective.


A disaster preparation strategy -- including lines of command and specific steps to take under various contingencies -- needs to be worked out in detail when people are thinking clearly and not responding in a panic. I saw this process in action earlier this week when the organization my wife works for -- which provides support services to school districts in upstate New York -- developed a clear plan last week for dealing with Sandy. Once the storm hit (and it wasn't that bad up here), everyone knew what to do. So when my wife got a 5:30 a.m. call Monday from a school superintendent, it wasn't to figure out how to handle the situation, it was to give the go-ahead to implement the plan. 


IT needs to do the same thing. Figure out how to handle specific crises in a way that mitigates or avoids downtime for a network and protects data.


Your question, by the way, is perfect for situations such as this. When something bad happens, even if it doesn't affect you, it should prompt IT pros to say, "Are we prepared to handle this kind of situation?" If the answer is no, then IT has some work to do. I also think it's best for IT to be proactive in pushing a plan to top executives, rather than waiting for them to request a disaster-recovery plan.

Answer this