Should CIOs have a foreign policy? II

With business operations entangled in the unpredictable and sometimes volatile global scene, the answer is a resounding ‘yes’ (and the more detailed, the better).

Computerworld – In July 2005, a series of suicide bomb attacks in London’s transit system killed 56 people and threw the city into a state of confusion. The U.S.-based CEO of a multinational financial company with offices in London posed what to him seemed a simple and essential question: “Are all our people OK?”

 

Best Microsoft MCTS Training, Microsoft MCITP Training at certkingdom.com

In fact, a significantly global operation is likely to be affected by local disruptions — somewhere — on a very regular basis.

“There are events happening almost constantly at any time in different parts of the world, whether a bombing in Jakarta or an uprising in Egypt or an earthquake in Japan,” says Michael Shea, executive vice president for IT at International SOS, a company that provides medical and security services to travelers and has operations in 70 countries. With so many locations — many of them in emerging markets and other politically or economically unstable areas — operating through a crisis is business as usual. “We have to activate one of our business continuity plans about every three to four weeks,” Shea says.

Even if you have few operations in unstable areas, it’s wise to consider what events could disrupt your overseas operations, affect your overseas data or threaten your overseas employees. A well-thought-out foreign policy should be part of every CIO’s toolkit. But how can you effectively prepare for whatever disasters the world might throw at you? Here are some ideas that might help.
Don’t Plan for Everything Everywhere

In omnia paratus –“Ready for anything!” This might seem like a good approach to protecting your IT operations from all perils overseas. And indeed, some IT leaders take the position that, since there’s no way to predict what might happen next in any geographic location, the best strategy is to be ready to meet absolutely any threat anywhere it may arise.

There’s only one problem with this approach: It’s impossible to do. “Trying to prepare for everything everywhere leads you down one of two paths, neither of which is good,” says Dan Blum, an analyst at Gartner. “One path is saying that whatever you’re doing will have to be good enough, since you can’t know everything. The other is the path of being too paranoid and exhausting yourself chasing phantoms, and no organization can do that for very long. CIOs or chief information security officers who attempt to create and maintain the same very high level of preparedness everywhere will find their credibility eroding and their influence declining over time.”

On the other hand, it can be very hard to see even a short distance into the future. Consider Orange Business Services, the business communication arm of one of Europe’s largest mobile providers. The company has four major support centers in Egypt. One day last winter, Paul Joyce, senior vice president of international customer service and operations, paid a routine site visit to the company’s facility near Cairo. With protests sweeping through nearby Tunisia, Joyce asked the company’s local staffers whether they anticipated civil unrest in Egypt as well.