In Brief

Building a Disaster Exercise Plan

If things are going perfectly, the people at USAA think they're not pushing hard enough

By Daintry Duffy

November 08, 2002

CSO — When CIO Steve Yates joined USAA three years ago, the company's business continuity exercises were only on paper. Every year or so, the top-level staffers gathered in a conference room to role-play; they'd spend a day examining different scenarios, talking them out, discussing how they thought the procedures should be defined and how they thought people would respond to them.

Live exercises were confined to the company's technology assets, where it would conduct periodic data recovery tests of different business units, like taking a piece of the life insurance department and recovering it from backup data.

In truth, Yates wondered if such passive exercises reflected reality. He also wondered if USAA's employees would really know how to follow such a plan in a real emergency. "Could the company really withstand something massive instead of minor?" he asked. When Sept. 11 came along, he realized the company had to do more. "Sept. 11 forced us to raise the bar on ourselves," says Yates.

So he engaged outside consultants who suggested that the company build a second data center in the area as a backup. After weighing the costs and benefits of such a project, USAA initially concluded that it would be more efficient to rent space on the East Coast. But after the attack on the World Trade Center and Pentagon, when air traffic came to a halt, Yates knew it was foolhardy to have a data center so far away. Ironically, USAA was set to sign the lease contract the week of Sept. 11.

Instead, USAA built a center in Texas, only 200 miles away, close enough to drive to but on a different power grid and water supply from its San Antonio building. The company has also made plans to deploy critical employees to other office locations around the country.

Yates made site visits to companies such as FedEx, First Union, Merrill Lynch and Wachovia to hear about their approach to contingency planning. USAA also consulted with PR firm Fleishman-Hillard about how USAA, in a crisis situation, could communicate most effectively with its customers and employees.

Finally, Yates decided to put together a series of large-scale business continuity exercises designed to test the performance of individual business units and the company at large in the event of wide-scale business disruption. In March, the company simulated a loss of the primary data center for its federal savings bank unit and recovered the systems, applications and all 19 of the third-party vendor connections. In July and August, it ran similar exercises with other business units.
