London is still
reeling from the aftermath of the July 7 bombings and the unexploded bombs that
were a near-miss two weeks later. Much has been made of the mythical
“blitz” spirit of Londoners like myself,
though in truth there aren’t as many people on the tube and in the shops as
usual. However, for all the inevitable nervousness, business operations have
not been disrupted.

Of course, the
London bombs did not destroy any of the city’s commercial infrastructure,
though many firms were on standby as the extent of the damage became clear—particularly
the capital’s financial institutions that are so vulnerable to systems going
down. And it has provoked a reassessment of business continuity planning (BCP).
What has emerged from that is interesting. In short, BCP is increasingly seen
as a bread-and-butter issue, not one that is a reaction to exceptional, if
horrific, events.

Tips in your inbox

Stay up to date with the latest IT news and information affecting the world of finance with TechRepublic’s free Financial Services IT newsletter, delivered each Wednesday.

Automatically sign up today!

Research shows that
terrorism is not the primary reason why companies are concerned about business
continuity at all. Rather, they simply want to know that they can rely on IT
systems, come rain or shine. The tightening regulatory environment is also
encouraging increased investment in BCP. In fact, according to disaster
recovery specialist SunGard, only five
percent of businesses in the United Kingdom say that terrorism poses a primary
threat to them at all. That figure has dropped from over a third in 2003.

Financial firms emphasize continuity instead of
“recovery”

“9/11
caused people to focus on just one of the drivers of business continuity
spending, and two years ago this event was still at the forefront of people’s
minds,’ says Keith Tilley, UK
managing director and senior vice-president Europe at SunGard. “This year’s survey reflects a
trend towards a more pragmatic view and the reality that terrorism accounts for
a small number of our customers’ problems.It’s encouraging to see a trend towards a more pragmatic view.
The more mundane incidents—power outages, software or hardware failure—can have
just as devastating effects.”

Banks have also
become much more sophisticated in the strategies they adopt to ensure
continuity. A combination of reactive and proactive measures is now the norm;
that is, there is less of a tendency to see the issue as one of disaster
recovery and more as one of business continuity—involving high availability
infrastructures often delivered by managed services. “Backing up the
company data once a day no longer constitutes an effective contingency plan,
because it can take days to recover the information for staff to use,”
continues Tilley. “As technology becomes ever more complex and our
reliance on it increases, recovery of critical applications should take seconds
at most, not days.” The goal is that for all but catastrophic disruptions,
staff should not even be aware of an interruption.

A good example of
this lesser incident was experienced by Royal & SunAlliance, an
international insurance group. Last year, a fire in a tunnel
in Manchester
, in northwest England, caused a major disruption to telephone
lines in Royal & SunAlliance’s main offices. 130,000 landlines across the
region went down for a whole day and communications problems continued
throughout the following week.

This was a serious
incident for two reasons. First, rerouting calls is a complex matter. So, a company
without the capability to work around any outages would simply lose its calls.
Indeed, the problem is compounded since following any incident there is
inevitably an increase in the number of calls people make—often by landline
since the mobile networks become jammed. The second reason the incident was
serious is that it compromised the bandwidth available to Royal &
SunAlliance.

Luckily for Royal
& SunAlliance, SunGard had recently upgraded a recovery center some
distance from Manchester, and outside the impact zone of the fire. In short,
bandwidth was restored within two hours of the incident being reported, and
within four hours all telecom services were fully operational, and servers and
desktop PCs were in place for staff to use.

This seems typical of
the post-9/11 attitude towards disaster recovery. Not because of terrorists,
but because of all the other hazards a business may face, it has become
business as usual.