Home » Business Continuity » Disaster Recovery

Disaster Drill: Practice Makes Perfect

As one of the nations largest insurance companies, USAA is in the business of managing risk. So it makes sense that the company uses exercises, simulations and drills to learn how to respond in the event of a disaster.

While few CSOs could afford to run exercises this elaborate, even those executives swimming in the shallow end of the risk pool can learn some lessons from observing these well-planned war games. This story looks at how USAA developed a contingency plan that suited its risk model and how other CSOs can determine where they and their company belong on that continuum.

IT'S 7:15 A.M. A bomb is found at the headquarters of a major East Coast bank. Reporting to the corporate situation management team are individual business unit SMTs that relay to the top executives in the command center what's happening and keep the business units functioning when an emergency hits. Each SMT is composed of three smaller teamsred, white and bluethat alternate shifts.

As each new event is thrown into the scenario, the SMTs face the challenge of trying to understand its implications for their business unit, not only from a human perspective but also from a customer support perspective. Yates points out that the company is often dealing in "live-money" transactions, where members (USAA's term for customers) want to sell stock, transfer money or get cash right away. In an emergency, in particular, people want access to their money, and in those situations USAA can't afford to be unavailable.

IT'S 9 A.M. A loud explosion is heard in the building. Several casualties are reported. USAA has learned to embrace Murphy's Law. "In combat, anything that can go wrong will," says Yates. "So you need to be working on instinct and training rather than emotion and fear." Many of the events that were injected into the exercise were done so precisely to test that training.

In an emergency, company leaders won't always be available. This is a principal tenet in USAA's approach to continuity planning. The CSMT executives held a lottery first thing in the morning to simulate this loss of leadership, and they removed three executives from the exercise. Other individuals had to unexpectedly take over, testing their ability to suddenly lead without relying on the executive staff for guidance.

Moreover, business unit SMTs working inside the "bombed" building also had to simulate that team members were lost. The surviving members of each group had to figure out how to carry on without those coworkers. On the IT department's team, for example, the entire group responsible for relocating workstations during the exercise was declared dead. In other cases, evacuations forced the situation management team members out onto the lawn where they had to try to keep their business unit functioning and their employees organized via cell phone.