When Hurricanes Katrina and Rita blew through the Gulf Coast recently, the devastation directly or indirectly touched everyone in this country. In the foreseeable future, the debate will continue over how preparation and relief efforts were handled, including what the federal government should have done better to aid state and local officials to prepare for the hurricanes.
Hopefully, that debate will spawn lessons that will make all of us more resilient to future catastrophes. One lesson is already clear: Business continuity and disaster-recovery plans that state and local officials enact can truly be matters of life and death.
These weather calamities teach us that continuity and disaster-recovery planning shouldn’t be about writing formal documents that agencies create out of regulatory obligation and then file away. Instead, these guidelines should be living plans that every state and local agency updates on a regular basis.
Continuity and recovery plans are the first lines of defense for keeping vital agency services up and running. When Katrina hit, emergency officials and residents of the four hardest-hit states used the available government Web sites to guide their response to the disasters and to begin piecing lives back together.
In a blunt post-storm analysis, Lee Holcomb, CIO of the U.S. Department of Homeland Security, acknowledged shortcomings in federal disaster-response plans. But just as significant was his observation that government Web sites working around the clock provided key communication links to the state and local authorities that were involved in rescue efforts.
For the general public, portals created by cities and states directly affected by the hurricanes gave their citizens up-to-the-minute details about evacuation orders, as well as direct links to relief agencies. The information clearinghouses continued operating long after the storms passed in order to help people replace driver’s licenses and other legal documents or to put them in touch with financial assistance programs.
Louisiana set up online communication links for separated families and friends. Mississippi’s official Web site includes an easily accessed page with contact information to the state agencies that are most important to the rebuilding effort. Similarly, the city of New Orleans’ site keeps citizens abreast of shifting evacuation and return orders.
The pivotal role these sites play shows why continuity and recovery planning isn’t just a check-off item on someone’s to-do list. When it comes time to devise these plans, state and local governments have wide latitude in the guidelines they create, unlike their federal counterparts, whose choices are more formally regulated.
Nevertheless, state and local officials can look to federal efforts for guidance. For example, the National Institute of Standards and Technology’s compilations of best practices from large agencies can provide models that are appropriate for local customization. NIST’s “Contingency Planning Guide for Information Technology Systems” (http://csrc.nist.gov) offers hands-on advice for performing contingency risk assessments, developing workable recovery strategies, and testing and continuously updating the plans.
Similarly, NIST’s “Recommended Security Controls for Federal Information Systems” (http://csrc.nist.gov), which is primarily about IT security, includes helpful appendices that cover a wide range of IT contingency and disaster-recovery strategies, including scenarios such as operating from alternative work sites.
Those who were fortunate enough to survive Katrina and Rita found themselves more reliant on government services than ever before. All of this points once again to the critical roles state and local agencies play in our lives.
JIM SHANKS is a former CIO who is the President of CDW Government Inc.