ID Number: G-10-9113



Executive Summary: Executive Lessons Post September 11
1 April 2002
 
Chuck Tucker   Richard Hunter  

Boards of directors and senior management have an important fiduciary duty to ensure that their enterprise assets are protected. They need to take the lessons of Sept. 11 seriously so that their business continuity plans stand up to the new realities.






Browse Topics


Other Options







Contact Gartner






Download Document:

PDF
executive_summa...pdf (170.5KB)

Help with Downloads



small white arrow Foreword

Within minutes of the first plane crashing into the World Trade Center in New York City's financial district on September 11, 2001, more than 200 organizations began declaring disasters with their business continuity and disaster recovery service providers. Hundreds more put their recovery plans in motion using internal resources.

What lessons did these organizations learn about dealing concurrently with loss of staff, facilities, communications and other infrastructure on a massive scale? And what role can boards and senior management take in ensuring that the enterprise's assets are protected?

This report summarizes the lessons learned by organizations whose business and IT capabilities were damaged or destroyed by the Sept. 11 terrorist attacks. It recommends prudent steps that boards should take to ensure that their organizations have adapted their business continuity plans to the new realities.

Executive Lessons from September 11 was written by Chuck Tucker and Richard Hunter (Gartner Executive Programs vice presidents and research directors). They were assisted by members of the EXP research team: Marianne Broadbent (group vice president and head of EXP research), Roger Woolfe (vice president and research director), Marcus Blosch and Andrew Rowsell-Jones (research directors).

Many organizations and individuals contributed to this work, and in particular:

  • Organizations in New York City and Washington, D.C., that were affected directly and indirectly by the Sept. 11 events. All of them asked to remain anonymous.
  • Colleagues both within and outside Gartner: Susan Alnes, Charles Chang, Brendan Conway, Fred Luevano, Simon Mingay, Tina Nunno, John Roberts, Donna Scott, and Roberta Witty.
small white arrow Executive summary


September 11, 2001, changed the way people and businesses view the world.

The organizations most directly affected got through it – some well, some barely, none perfectly. All faced unforeseen obstacles and complications, including the impact of a rapid succession of real and threatened events.

Levels of preparedness and damage/loss varied considerably, but all major organizations successfully recovered critical business and technical operations.

But recovery for some capabilities, facilities and people is still underway six months after the attacks. Some businesses still operate in cramped, temporary quarters and will continue to do so until permanent space is ready. Some individuals still relive the experience and suffer from the physical and psychological effects.

What is business continuity planning?

Business continuity planning describes how an organization will keep functioning until its normal facilities are restored after a disruptive event. Business continuity planning has five components:

  • Disaster recovery – Plans for orderly restoration of computing and telecommunications services after a disruptive event
  • Business resumption – Workaround procedures for business processes, used until the processes are recovered
  • Business recovery – Plans for complete recovery of business processes, including the people, workspace, non-IT equipment and facilities
  • Contingency planning – Plans for responses to various external events
  • Crisis management – The overall coordination of an organization's response to a crisis to avoid or minimize damage to profitability, reputation or ability to operate

We worked with seven organizations in New York and Washington, D.C., affected by the attacks in preparing this report. All requested anonymity. We also included data from the 230 organizations that participated in the joint Gartner EXP and Society for Information Management (SIM) Business Continuity Readiness Survey conducted in November 2001. Combined with our research from other sources, these results provide a more global picture of how organizations are responding.

The report is organized in four major sections.

Section 1: Through the haze, planning gaps were clearly visible

In the face of a disaster orders of magnitude larger than anyone had ever anticipated, many companies found that their business continuity plans were inadequate, incomplete and untested. They focused on IT assets rather than people and business processes.

"The bar on business continuity planning best practices got raised, and enterprises need to take these lessons on board so they don't have to learn them again."

Simon Mingay, Vice President, Research and Advisory Services, Gartner, Inc.

Section 2: People, workspace and telecom loss hampered recovery

People need to feel safe, have a place to work and the means to communicate to be productive. The Sept. 11 attacks disrupted all three. Recovering all three took much longer than planned.

Section 3: Effective crisis management helped

Coordinating recovery efforts and communicating internally and externally are two critical crisis management roles. Enterprises that had rehearsed crisis management plans had the advantage of an early, well-coordinated start on their recovery efforts.

Section 4: Next steps

The events of Sept. 11 raised the bar and changed the assumptions on which many business continuity plans were based. Now is an excellent time to evaluate your continuity planning, rethink your procedures and ensure responsible governance.

An epilogue and further readings follow at the end.



Browse Topics:
 
Disaster Recovery
Business Continuity Management
CIO and IT Leadership




© 2002 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 366214