BUSINESS IMPACT ANALYSIS
BIA
She had these worries because this scrivener had been involved with an earlier move
for the same data center, and we shared our
thoughts.
The data center relocation project provided
a good example of why every project should
involve a risk management/business continuity practitioner in the initial stages.
For Projects
By JOHN GLENN, MBCI
Someone on one of the lists I watch noted that busi- ness continuity practitioners typically work “after the fact.” That is, they become involved in a proj- ect after it’s completed. Unfortunately, that’s true. “Better late than never” may apply, but too often, the “after-the-fact” involvement proves costly. For the purposes of the following, and because it
always is standard operating procedure for this practitioner,
BIA includes risk identification and avoidance/mitigation
options.
Not Always Bricks and Mortar
Let’s consider a software project for a
moment.
What possibly could go wrong with a software project?
Start with the most likely – missed deadline.
How about programmers who abandon
the job in mid-project. It happens. People get
sick, they resign, they get dismissed.
As with all things “business continuity,”
In the case of the programmer’s disappearance, the avoidance
is to insist that the programmer “comment” his or her code. Lots
of programmers object to using comments because they consider
cryptic code to be job security. Someone – the programmer’s
employer or not the project manager – needs to insist on com-
menting, not because the programmer’s reliability is suspect but
because it’s “just good business practice.”
Performing a pre-commencement BIA may turn up reasons to
either kill a project before it starts or modify its goal.
Some Cases in Point
A Fortune 100 firm once moved its operations from one location to another. The distance between the two sites was a matter
of a few miles. It had a new structure built to house the operation.
To show off the true profit center – in this case, the data center –
it put the data center on the ground level behind huge plate glass
windows in the building’s lobby. Very classy. The only problem
was, the building was in a flood plain and the organization’s profit
center –being on the ground floor – was at risk.
Fortunately, there were alternate sites in two widely distant locations, but the flood threat and business disruption risk
remained.
A friend of mine and a co-worker at the consulting company
was project manager for the physical move from Point A to Point
B. She was aware of the need for a project business impact analysis (BIA) and, within the scope of her mandate, she did a risk
analysis.
What happens if ...
the new data center is not ready on schedule?
a piece of equipment fails to arrive on time or fails out of the box?
the T- 3 (then) telco lines are not installed?
... and on and on.
Architectural Risks
In the world of concrete and steel, consider a project to build
a new facility.
In the United States, there are two threats that know no geographic boundaries: tornados and earthquakes.
Given that, new structures built in areas of high probability of tornados or near a fault – and there are faults all across
the country – should include at least a consideration of tornado or earthquake resistant construction. Where can people
go to safely shelter-in-place in the event of an environmental
event? A safe room, a place designed to survive the event, is
the answer.
Beyond environmental threats, the BIA should consider geographic threats such as nearby rail lines that may be necessary
to move raw materials in and finished products out and possibly carry hazardous materials, seaports, and major roadways.
Proximity to airports is also always a risk, especially if the new
structure aligns with take-off and landing patterns.
Even acoustics from planes, trains, and trucks might be a consideration of some organizations. But the structure is sound proof,
correct? Of course, but what about sound waves? If loud enough,
long enough, and close enough, the sound waves (vibrations) can
take a toll on staff and the building itself.
