1948 years ago in AD 63 an earthquake in southern Italy by the gulf of Naples seriously damaged the ancient city of Pompeii causing an undetermined number of deaths and spread out destruction, but the locals went to work rebuilding in the same spot until they were buried by the eruption of the Vesuvius volcano 16 years later in AD 79.
Galveston TX Hurricanes
Average Brushed or hit every 2.94 years Average Direct hit every 8.63 years
The Great Storm of 1900 - Sep 8th 1900 - Pop: 42,000 residents Category 4 @ 135 mph -Great loss of life between 6,000 and 12,000 individuals – officially 8,000
The 1915 Storm, August 17th, Category 4 @ 135 mph 42 people dead in the Galveston area
$60 - 1915 million dollars in damage
Ike Sep 13th 2008 - The third most destructive hurricane to ever make landfall in the United States Final landfall in Galveston Texas as a strong cat 2 with cat 5 equivalent storm surge winds extended 120 miles from the center.
Blamed for at least 195 deaths – 74 in Haiti and 112 in the USA 300 still missing. - Damages estimated at 24 billion (2008) US Dollars
Resulted in the largest evacuation in the state of Texas history and the largest search and rescue operation in US history
Chernobyl, An Experiment Gone Wrong
On Saturday, April 26th, 1986 at 1:23 am, one of the reactors at the Chernobyl nuclear power plant exploded. Ironically, the experiment consisted in testing how the power plant would respond in the event of an accident. The operators at the plant wanted to bring down the power output of the reactor to 25%, but over-confidence, poor training and poor knowledge of how a reactor works caused them to overdo it, and they ended up bringing down the power output to 1%. When they then tried to bring it up to 25%, the reactor overheated and exploded causing the worst nuclear accident in history.
Rooted in the need to protect expensive investments in mainframe computer systems, the business continuity profession was originally called “disaster recovery”. Considering that millions of dollars were typically invested in medium- to large-scale installations, often in a single data center, many companies were at risk of catastrophic loss if their “glass houses” were damaged or destroyed.
During the late 1970s, the height of the mainframe era, a number of visionaries in the US, UK and other parts of the world realized that they had to develop ways not only to protect their massive investments from potential disasters, but also to devise procedures for recovering and restoring systems and data to their original pre-disaster state.
Leveraging vendor support, planning and project management skills, as well as common sense, the early disaster recovery planners created primitive – by today’s standards – recovery plans and strategies to protect their complex infrastructures. A few early technical standards emerged, such as “circulars” issued by the U.S. Comptroller of the Currency, Federal Information Processing Standards (FIPS), and others mostly from financial sectors.
As the embryonic profession entered the 1980s, several of the early visionaries realized there was money to be made by selling their disaster recovery skills to others. These individuals were, essentially, the “founders” of the profession as we know it today. Only a few books and technical articles were written on the subject during the 1980s; it was such a new activity.
One of the first professional groups to address the discipline was the Association of Contingency Planners (ACP), opened its doors in 1983. The Contingency Planning Exchange (CPE) and Disaster Recovery Information Exchange (DRIE) launched in 1985 in greater New York City and Toronto, Canada, respectively. Survive, based in London, UK, launched in 1989. The first publication to recognize the new discipline, the Disaster Recovery Journal, launched in 1987.
Disaster recovery was truly a global phenomenon. Other city-based professional groups emerged during the 1980s; their mission was to network, exchange ideas, and educate themselves on the profession. It still is today. The first book publishing firm dedicated exclusively to disaster recovery was Rothstein Associates, Inc.
The first organization that offered professional accreditation in disaster recovery was the Disaster Recovery Institute, today known as DRI International, which launched in 1988. Various companies entered the disaster recovery industry during the 1980s, including SunGard, Comdisco, IBM, Hewlett-Packard, Iron Mountain, Vital Records, BMS Catastrophe, and many others.
The profession was gaining acceptance as an important element in data processing and information technology departments around the world. More attempts at standardization occurred; these efforts were supported by the DRI and its accreditation program. A few academic institutions offered coursework in disaster recovery.
As the disaster recovery profession entered the 1990s, it became clear that entire enterprises – not just data centers – were in need of the protective aspects of disaster recovery. To reflect this gradual shift to a holistic business focus, the profession was soon known as business continuity. As is often the case, more vendors entered the game; more publications competed for readers and advertisers; new professional groups chartered around the world; and a new accreditation group based in the UK, the Business Continuity Institute, entered the game in 1994.
A new publication, Contingency Planning & Management, entered the game in 1997, despite the failure of several other magazines.
As the US economy exploded during the 1990s, the business continuity profession also experienced solid growth and acceptance, albeit mostly in such industry sectors as banking and finance, insurance, health care, and pharmaceuticals, where heavy government regulation and scrutiny were the norm. Many focused efforts in business and government sectors resulted in better defined and standardized business continuity activities.
Practitioners had numerous software-based products that could greatly enhance their abilities to complete business continuity projects. A few more academic institutions offered courses, but more emphasis was placed on emergency management.
As the profession proceeds through the early part of the 21st century, it faces perhaps its greatest challenges. With a base of perhaps 15,000 to 20,000 practitioners worldwide, the profession is challenged to assert its position as a valuable part of corporate governance.
In the aftermath of several devastating disasters, such as September 11, 2001, massive hurricanes in 2004 and 2005, and numerous terrorist activities around the world, the profession is challenged to define not only its presence, but its value proposition to business and government agencies that may still be largely ignorant of its value. The prospect of still more natural disasters looms over this country and around the world, as does the threat of terrorism in the form of chemical, biological, radiological and nuclear events.
The business continuity profession is at a major crossroads in its limited history. It continues to define itself, its standards and professional practices, its professional recognition and acceptance, and its role in the areas of risk management and corporate governance. To be successful in the future the profession must gather its various elements into a cohesive holistic approach to protecting business and government. It must be able to work effectively with other related disciplines, such as physical security, information security, facilities management, emergency management and homeland security. And it must earn the respect and acceptance of business and government leadership, the same as other professions like engineering and accounting.
Paul Kirvan, FBCI, CBCP, CISSP
1166 Avenue of the Americas
New York, NY 10036