On March 14, 2003, the Xplor Chicagoland Chapter again partnered with the AIIM Wisconsin and COMA Milwaukee groups to increase last year's attendance from 80 to 96 attendees. All the group's members wanted a meeting on Disaster Recovery and Business Continuance. This topic became this year's meeting theme. We also had significant contributions from our vendor community. IBM sponsored the facility and an excellent lunch and Scitex provided door prizes including an Epson C82 inkjet printer.

We were all excited to have a special guest in attendance. This guest was Gwendilyn McGuire, AITP Chapter President at the University of Wisconsin Milwaukee Campus. COMA has been working with the Association of Information Technology Professionals to set up company visits with COMA members. These visits are designed to allow college MIS students to interact with today's Electronic Document professionals. Gwendilyn will be attending the next Xplor Chicagoland Chapter meeting and our chapter will forge alliances with AITP to help assist the future of our industry.

Bill McCalpin, EDP, General Manager of Xplor International, opened the meeting with an overview of the strengths of Xplor International. These include: 1,500 member companies, 3,400 members, Xplor's educational mission for member professionals, Xplor being a User Group rather than a for-profit Trade Show, and that one third of Xplor members are Data Center people. Bill encouraged the attendees to consider Xplor membership along with their current professional memberships.

Bill McCalpin then presented the first presentation, "Something Funny Happened On The Way To The Electronic Forum". The main theme was how could archived data capture both information content and the document author's intent?

In early Rome, there were many people who could read the Etruscan language. Today, no one can read the Etruscan manuscripts housed in the Vatican Library. Although the documents have been saved, they are of little use. This problem has to be avoided with today's archived documents.

There are hidden costs to Imaging:

• Print/Presentation information is lost.
  
• Raster data is typically 10 times the size of the same paper source or print format.
  
• Imaging systems are normally monochromatic to save disk space.
  
• PDF preserves presentation.
  
• PDF does not preserve the purpose of text or graphics.
  
• XML preserves the intent of the author.
  
• XML not so good at preserving the original presentation.
  
• XML shares the power of presentation between the author and the user. Can't be sure what the user sees in their browser.
  

Another problem with Imaging is Information Affirmation. Each time information is converted from 1 format to another, the information must be affirmed. The City of Baltimore reported a 37% error rate in retrieving the Officer's name from imaged traffic tickets.

What is the message?

• You must choose a stable archiving media. Magnetic Media is easily damaged and Optical Media doesn't have a long shelf life.
  
• The Data Architecture is the most important part of saving electronic information.
  
• PDF and XML are the 2 main architectures.
  

The latest version of PDF can imbed XML within the PDF, but doesn't save the document attributes that need saving.
In the future, people will no longer see original documents. Because we can not fully anticipate how archived data will be used, we must save all the document information that we can.

Timothy Bishop, CBCP and CISA and Michael Keating, CBCP, Marsh and McLennan presented the second presentation.

What is the Business Continuance Plan objective? A BCP assists organizations in managing business risk at the least acceptable level for the lowest cost. Having a BCP provides an opportunity to turn a business interruption into a strategic advantage. Your customers will want to know how well equipped you are to continue business if a disaster occurs. The business will be given to the company with the best BCP plan.

As regulated industries have been required to upgrade their BCP plans, non-regulated industries have been pulled up with them. Today, Business Continuance is a Corporate Governance responsibility issue. The #1 BCP question since the 9/11 attack is: We have a BCP, so how good is it and compared to what criteria. Presently, a BCP has to be in place before insurance companies will write Corporate Liability, Director and Officer liability, or Cyber Risk insurance.

Martin Goulboum, Service Delivery, IBM Global Services, presented "The Importance of a Resilient Infrastructure". Market dynamics have pushed Business Model changes that require a new vision for infrastructure design. Business Units and IT centers have to work more closely together to produce a Business Continuance Plan. Corporate Boards are looking at where IT fits into the organization.

IT organizations can't be in react mode. Today, Economic/Business conditions, Environmental issues, Technological issues, Political issues, and Social issues contribute to stress and strain on the business and IT infrastructure.

The following Resiliency Layers each rest on the layer below:

• Strategy
  
• Organization
  
• Process
  
• Applications & Data
  
• Technology
  
• Facilities & Security
  

Today's business expectations require that resiliency be imbedded in the fabric of the Business Infrastructure. Those businesses that succeed in building this resiliency, will be the business leaders of tomorrow.

Carl Ciengi, Legato Systems presented "Catastrophic Failure and Business Recovery after the World Trade Center Disaster". Today's business environment has left businesses newly open to attack:

• Chronic IT understaffing leaves few human resources to perform recovery.
  
• 24/7 operation leaves no time for data backup and application maintenance windows.
  

Lessons learned in the wake of the WTC disaster:

• Data restore from tape worked, but there was no documentation about what was on each tape or where the tape was located.
  
• Information on desktop PCs was Business Critical, but because they were not in the Data Center, that information was not protected.
  
• Critical personnel may be injured or dead.
  
• No documentation available about server configurations.
  
• Time wasted to find the exact location of tens of thousands of backup tapes.
  
• Time wasted to sort and read tapes to discover which tapes contained the most recent data.
  
• Documentation must be safeguarded as well as data.
  

Key mistakes made:

• Planning for the Worst Case only.
  
• Planning for the Most Likely case only.
  
• Insufficient or no testing of the Business Continuance Plan.
  

During lunch the attendees discussed and thought about questions to present to a panel of experts on Business Continuance. The panel consisted, left to right, of Steven Giordano, CBCP, Account Executive, Mail-Gard; Phil Oczkowski, Senior Strategic Account Manager, SunGard Availability Services; and Mike Reilly, President, Worksafe Midwest. Elaine Wathen, Dell, ably moderated the panel.

The panel answered the following 7 questions:

1. SunGard - Why was Availability Services added to your Company name? The name change came after the buying of Comdisco. Before that purchase SunGard was only a Hotsite provider. Now SunGard provides a broad range of Disaster recovery products and services.
   
2. Worksafe - What does your company do and is there potential for an earthquake in the Midwest? Yes, there is potential for an earthquake from the fault in Missouri all the way up into Wisconsin. Worksafe is in the disaster mitigation business.
   
3. SunGard - What are your customers wanting in disaster recovery time? Products are available to provide any level of recovery time that the customer can financially afford.
   
4. Mail-Gard - Are any companies backing up desktop print? Mail-Gard is venturing into the backup of email.
   
5. SunGard - What is happening in the Disaster Recovery arena after 9/11? The World Trade Center disaster required the recovery of work teams rather than hardware. More emphasis must be placed on providing an offsite telephone number where employees can get information about what to do after the disaster and to check in with the company. There has been much more thought on what to protect besides the Data Center.
   
6. Worksafe - What can be done to protect Data Centers from the effects of earthquakes? Data Centers have to be built with Base Isolation as is done in Japan. This allows the equipment to remain stationary while the building shakes underneath. Heavy items should also be bolted to the floor to protect people from toppling objects.
   
7. SunGard - Do you have to have separate Disaster Recovery plans for mainframes and servers? Yes, mainframes have many recovery tools. Servers have fewer tools available and can take as long to recover as a mainframe but multiplied by the number of servers. That number can be in the hundreds.
   

Ray Krukowski, CBCP, Services Continuity Specialist, Metavante presented the final presentation of the day. His presentation was titled, "Are You Ready for a Disaster?" What were the lessons learned from recent events?

Oklahoma City Bombing – 1995

• Key personnel lost.
  
• A 6 block area around the building became a Crime Scene and off limits to re-entry.
  
• You have to know who are the other tenants in your building and are they a risk to you.
  

Weyauwega Wisconsin Train Derailment - 1996

• Is your building near train lines or highways where hazardous materials are transported?
  
• If a hazardous materials release occurs, the evacuation of the area could be lengthy.
  

9-11 Attack – September 2001

• Unable to track personnel. What number do you call if the entire building is destroyed?
  
• Both cell phone and landline telephones may be inoperable.
  
• Total destruction of paper documents.
  

How do you put Disaster Recovery Changes into practice?

• Increase the awareness of Boards of Directors, Management, and Personnel.
• Analyze the risks to your company and to your suppliers and vendors.
  
• Assess the impacts on business recovery. Think outside the box for recovery strategies.
  
• Change Management has to be integrated with the Disaster Recovery Plan.
  
• Don't rely on 1 test method for your Disaster Recovery Plan. Exercise the plan with multiple scenarios. Today, customers want to be a part of any Disaster Recovery testing to assure them, that recovery is possible.
  
• Build a Business Case highlighting Risk Analysis and Business Impact to get budget dollars for the Disaster Recovery plan.
  

Disaster Recovery and Business Continuity References:

• Continuity Planner www.continuityplanner.com
  
• Disaster Resource Guide www.disaster-resource.com
  
• Disaster Survival Planning Network www.dspnetwork.com
  
• Emergency Management Gold www.disasters.org/emgold
  
• North American Emergency Management www.naem.com
  
• Rothstein's Disaster Center Index www.disastercenter.com