It’s human nature to want to accentuate the positives and downplay the negatives about us. This is as true for individual people as it is for our businesses and organizations. The problem is that the bigger organizations usually have bigger rugs to sweep the unflattering stuff under.
Organizations are judged for many things, including their profitability, their environmental footprint, their human resources record, and now a recent addition to the list: performance in time of crisis
An organization’s disaster recovery plans are typically secret in nature, especially since so many DR plans are insufficient or incomplete. No organization wants to be judged harshly for being unprepared for potential catastrophe, even if they deserve to be. Customers and business partners are not always very forgiving.
But should your DR plans be revealed as lacking in any way, whether through third-party review or through actual experiences, you can be certain that it will reflect in an unflattering way on your organization.
Major DR Shortcomings Found at University
Here’s a case in point. Last month an audit at the University of Louisville revealed major shortcomings in that school’s disaster recovery plan. The audit showed that the U of L had not carried out a thorough review of its DR plan for several years. And some DR experts say that DR plans should be updated and reviewed four times a year!
The audit also showed that the U of L had insufficient backup systems in place, so that in the case of data center flooding some data would be destroyed forever, while a test of the system revealed that some other IT functions would take at least a month to get up and running again.
The school’s VP of IT argued that this is the very purpose of testing, to reveal any weaknesses in the DR plans so that they can be addressed and improved. But critics said that the audit revealed the University had for some time been ignoring the importance of updating its DR plan.
Stakeholders Have a Right To Know an Organization’s DR Preparedness
The truth is that every organization owes it to their stakeholders to keep its DR capabilities up to date. Imagine if you were a graduate of the university, and your university records were destroyed with the school’s database. It is something that could have a major impact on your next big career move. You should have a right to demand that the university protect your information.
From the university’s perspective, revelations of a lax DR program surely causes damage to its reputation, and hinders its ability to attract top academic talent, as well as its ability to secure research investments. But the flip side is also true. A highly visible, comprehensive DR plan surely enhances the reputation of an organization
