[Printout | Contents | Search ]

Failing safe

By Daniel A. Updegrove and Jeanne F. Curtis

During the 1989 Christmas break, while most students, faculty, and staff were enjoying their time off, temperatures dropped perilously low, and pipes froze and broke in Steinberg Hall-Dietrich Hall. Many Wharton faculty and staff returned from break to find their computers and paper files destroyed - and their work environment unusable for many weeks.

Is your office prepared for such a disaster? For example, do you have copies of critical computer and paper files stored in another facility? Could you carry out your operations elsewhere in the event that your office or building were destroyed or closed? What are the primary risks confronting your office? How much at risk are other departments upon which you depend for information, computing, or communications? How long could the University function without your services?

Concerns such as these led Senior Vice President Marna Whittington to commission a team to investigate options to improve the University administration's disaster preparedness. And, in the course of the team's deliberations over the summer, four additional events served to highlight the importance of this effort: a lightning strike near the University's (and the Hospital's) mainframe computer center; a smokey fire in the basement of the Mellon Bank building; a flood in Van Pelt-Dietrich Library; and a flood in 3401 Walnut Street, which houses (among other things) computers required for the operations of both PennNet and PennCard.

The team, chaired by Comptroller Alfred Beers and Vice Provost for Information Systems and Computing Peter Patton, surveyed approaches taken at other universities and interviewed four consulting firms specializing in risk analysis and business continuity planning. Although some institutions have focused attention narrowly on mainframe recovery planning, the team determined that, given Penn's distributed administrative and computing environment, a better approach was first to assess risk throughout the administrative infrastructure of the University. Then, contingency planning resources could be focused on the most critical operations and those that were most at risk. Of the consultants interviewed, Dataguard Recovery Services of Louisville, Kentucky was selected as having the best track record of assisting universities in such efforts.

The risk analysis, which began in October, will include management awareness seminars, questionnaire surveys, and visits to over 50 offices in schools, central administration, and the Hospital. While data collection will focus on administrative functions, the analysis and derived contingency models are expected to be useful within research and instructional environments as well.

Following the risk analysis, which is anticipated to require four to six months, schools and departments will be encouraged both to adopt safer administrative procedures and to create their own disaster contingency plans. Contingency plans, in some critical areas, may include contracting for, and preparing to use, alternate operating sites.

The original team will remain in place to advise the risk analysis effort. Jeanne Curtis, Director of Data Architecture in ISC's office of Data Administration and Information Resource Planning, is coordinating the effort with Dataguard. If you have questions or comments, you may contact her at 898-6300 (e-mail: curtis@a1.relay).