IT professionals grab two things when the power goes out: a flashlight
and a bottle of TUMS. In spite of their best efforts, data will be lost. And,
management’s wrath quickly finds its way to the IT department.

Rather
than suggest a new UPS or a state-of-the-art backup generator for when the next
blackout hits, I’m passing along information I gleaned from the European
Union Agency for Network and Information Security (
ENISA) report, Power
Supply Dependencies in the Electronic Communications Sector (
PDF download).

The paper looks at power
outages from a risk assessment point of view. The report starts out with authors Christoffer Karsberg, Dr. Konstantinos Moulinos, and Dr. Marnix Dekker announcing their
goal of answering the following questions:

  • What will help
    reduce the frequency of power disruptions and outages?
  • What can improve
    the electronic communications sector’s ability to handle power disruptions and
    outages?

After sifting through all data relevant to power outages (ENISA tracks
power outages in the EU), the authors asked major communications and networking
National Regulatory Authorities (
NRA) what they are
doing to avoid data and telecoms
interruptions due to losing power. The report lists the questions asked and which
agencies participated.

The authors then worked their magic and came up with recommendations. I studied their recommendations, and there’s a lot of good
advice that can be added to existing contingency plans to reduce the impact of
power outages. I paraphrased the recommendations so they were more meaningful
to IT professionals responsible for protecting company assets during a power
failure.

Recommendations

1: Analyze the frequency and
impact of network and service disruptions caused by power outages and pay special attention to the following:

  • Expected number of
    service disruptions within a given time frame;
  • Length of these
    service disruptions;
  • Impact in terms of
    number of users and services affected; and
  • Severity of these
    incidents, distinguishing between degradations and full outages.

2: Collaborate with providers to
collect good practices that can be used to better survive power outages.

3: Perform a risk assessment,
including a cost-benefit analysis, to determine what is reasonable to expect
from providers (power and services) during power outages.

4: Check existing
protection measures regularly to avoid or at least reduce network and service
disruptions from power outages. (The report emphasizes the need to consider
employees who work offsite.)

5: Review network and service
issues caused by power outages in order to avoid or reduce the impact of the
next power outage.

6: Establish cooperation
between power companies, internal departments, and remote service providers
upon which the company is dependent. 

Join the discussion

Are there tips that you would add to this list of recommendations? If so, please post them in the discussion.