Contingency Planning

By Ralph Lipizzi

The federal government is unprepared to continue the business of democracy in times of national emergency, according to a recent General Accounting Office report. None of the 23 agencies GAO studied has an adequate continuity-of-operations plan as mandated by the Federal Emergency Management Agency in 1999.

Many agencies have struggled for additional direction and funding to meet this mandate. Chief information officers and managers alike have questioned whether their agencies can afford to divert operational resources - people, facilities and budgets - to prepare for events that might not occur.

Continuity planning evolved significantly after FEMA issued its mandate. Most public and private sector plans came out of preparations for the Y2K crisis. Later, as the private sector recognized the need to minimize downtime in an increasingly digital world, continuity planning came to mean minimizing the effects of system failures or natural disasters.

Then came 9/11. Even solid plans failed to prepare organizations for such disruption.

The attacks on America revealed that re-establishing network connections or recovering IT systems is not sufficient to ensure seamless operations during a national emergency. Forward-thinking continuity planners have broadened their strategies to include the entire enterprise, viewing the agency as an integrated and dynamic whole that can adapt to evolving threats.

Colleen Murphy, director of assurance programs for the Internal Revenue Service, has been wrestling with continuity planning. At a recent gathering of private and federal planners, Murphy noted that the IRS learned more about its critical business systems and discovered potential points of failure as it began to think of bolstering the entire enterprise.

"This became the start to extensive contingency planning, with the [continuity-of-operations] plan representing one piece of the enterprise's strategy to build resilience into its business processes," she said.

In a recent Gartner Group study, 620 CIOs put business continuity among their top priorities. Federal agencies can take five practical steps to bring their plans into compliance with established standards.

For the government, the benefits of continuity planning are greater than preventing lost time or revenue. Major disruptions threaten the stability of our democracy. Their effects are measured not just in dollars, but in a loss of confidence, trust - and, ultimately, in lives.