When corporations' disaster planners get together, the talk naturally turns to disasters.
They talk about the large East Coast bank that recently was forced to borrow -- at a stiff premium -- about $1 billion from the Federal Reserve Bank after a computer snafu froze the bank's own money supply for 12 hours.
Or they talk about the 1972 earthquake in Managua, Nicaragua, that destroyed one soft-drink bottling plant but left another bottler standing.
Then there was the nearly 50,000 gallons of water that, along with the roof and an air-conditioning system, crashed down on Mazda Motors of America's computer complex in Compton, a Los Angeles suburb, during a February 1983, rainstorm.Within five working days, Mazda had constructed a computer building and installed a computer to serve its 500 dealers in 31 states.
That rapid response was in contrast to what happened in 1959 when fire destroyed a Pentagon computer center. Even though officials used the full power of the Department of Defense to obtain priority with suppliers, they had no disaster plan.It took 30 days to rebuild the facility.
That fire showed military data-processing managers -- and their corporate counterparts -- that "guns, guards, locks and dogs don't work" when it comes to protecting computer records from destruction, said Laurence B. Compton, who spent nearly 20 years devising computer security plans for the Strategic Air Command and the Air Force Military Personnel Center.
Despite the threat of fires, earthquakes, floods and man-made disasters, only 15 percent of the nation's companies have emergency recovery plans, said Diane C. Smith, manager of contingency planning for FCA Computer Services, a subsidiary of American Savings & Loan and cofounder of the Association of Contingency Planners, based in Long Beach.
However, because corporate dependence upon computers has grown so rapidly, "Most companies can operate for roughly one week without their data center before they go under," Compton said. "Some banks and insurance companies say they can't operate after just 2 1/2 days." He now is a vice president of Total Assets Protection, an Arlington, Tex., company that develops disaster recovery programs for corporations.
In addition to cash-flow problems, when a center stops computing, "The backlog of work becomes so large that you can't keep up," he said.
Disaster planning is important because 70 percent of businesses that "sustain a significant interruption . . . go under," said Barbara Foster, former Marin County, Calif., disaster planner who now is a private consultant for the American Red Cross' Marin County Private Sector Disaster Preparedness Project.
In California, corporate interest in disaster recovery programs has grown because "we've had more magnitude-six earthquakes during the past six years than in the prior two decades," said James Watkins, a state official with the Office of Emergency Services.
That growing interest has prompted an increase in the number of backup computer facilities operated by third-party companies that assist corporations with disaster preparedness.
Sunguard Data Systems of Wayne, Pa., recently announced plans for a computer backup facility in San Diego, and Comdisco Disaster Recovery Services of Chicago said it planned a similar facility in Cypress, southeast of Los Angeles.
Those facilities, which include completely equipped "hot" computer rooms and empty "cold" rooms, appeal to corporations that do not want to maintain disaster recovery facilities.
For a fee (one disaster preparedness expert estimated that "hot sites" generally charge an initial subscription fee of between $5,000 and $18,000, a one-time preuse fee of $25,000 and a $4,000 to $10,000 daily operating fee), a customer can move its staff in and use the center until a backup system is built.
Pennsylvania Life Insurance of Santa Monica, Calif., a member of American Can Co.'s financial services division, has constructed a recovery plan that "will let us recover [critical] data processing in five business days," said Bill Homan, a vice president and director of the company's data center.
Pennsylvania Life's recovery plan is based on the assumption that it will remain in business because its "critical" computer functions, including billing, claims processing and the writing of new policies, will be resumed within that five-day period at a "hot" computer site owned by Sunguard.
Surprisingly, since 1979, none of Sunguard's 278 clients has experienced a full-fledged disaster. And only four of Comdisco's 560 clients (including one disaster caused by a frozen water line and another caused by a fire) have had to rebuild critical computer functions at a Comdisco site.
That does not mean that disasters do not happen, however.
"Two months ago, I had four calls in one week from [nonclient] companies that desperately wanted to use our facilities," Comdisco President Raymond R. Hipp said.
Although many companies turn to third-party suppliers or reciprocal agreements with companies that have compatible equipment, some companies, such as Rockwell International Corp., prefer to go it alone during a disaster.
Rockwell spends between $1 million and $2 million annually on disaster preparedness, including $200,000 for rent and maintenance of a "cold site" that could quickly be turned into an active computer center should a disaster wreck one of the company's data-processing centers.
"I'm all for calling it alternate-site processing because the phrase 'disaster recovery' scares the hell out of me," said Larry Manly, vice president of operations for Rockwell's Information Systems Center, during a meeting in Los Angeles of the Association of Contingency Planners.
Instead of creating a separate system to handle disasters, Rockwell has integrated contingency planning into normal work routines, giving the company a "large, knitted-together type of solution," Manly said.
Rather than rely on "canned tests" of the system, Rockwell once each quarter orders a different computer center to process its complex, 90,000-employe payroll program. A management committee reviews the written, step-by-step plan to "fix problems that regularly occur."
Properly trained employes can avert disaster.
When a 1983 rainstorm cracked the roof on Johnson & Johnson's dental-products plant and office in East Windsor, N.J., "Water started pouring into the building," said Larry Bowker, director of management services. Although a quick-thinking employe managed to shroud the company's computer hardware in plastic sheeting, "There was about a half-inch of water in the building, and there was dirt all over the place," Bowker said. International Business Machines Corp. "said we'd never get [the computer] back up in a week."
However, Johnson & Johnson's disaster recovery plan called for a quicker return to business because, "After a five-day time period -- it becomes critical if you're not manufacturing product, shipping it and [tracking] accounts receivable -- you don't have a cash flow."
Luckily, the rainstorm that began Wednesday ended Thursday, and work crews rebuilt the roof Friday. Bowker said Data Clean Corp., a company that cleans and maintains computer rooms, had Johnson & Johnson's computer room ready for operation by Sunday night.
Instead of focusing on "cataclysmic events," recovery plans should focus on "what you [can] protect against and what you can live with financially," Manly suggested. "You obviously can't have idle [computer] capacity sitting around waiting for a disaster to happen."
And, Manly said, "In the event of a cataclysmic event, [Rockwell has] decided to put the business behind us and concentrate on the personal aspects of recovering."
At IBM, which has outlined its emergency program in a formal corporate document that charges senior managers at each of its facilities with emergency planning, protection of company assets is intertwined with avoiding and minimizing personal injuries and helping the local community return to normal, according to IBM spokeswoman Debra Gottheimer.
Although corporate planning has been focused on the data processing needed to maintain cash flow, contingency planners have been broadening their scope to include the management of employes during a disaster.
"I think there are three parts of contingency planning -- people, data and facilities, in that order," Smith said. "This profession is evolving into something called crisis management, which encompasses a lot more than just data or buildings."