In the aftermath of the terrorist attacks on Sept. 11, 2001, Dave Rudzinsky's first thoughts and concerns were for the people affected by the tragedies. As someone who plays a critical role in his own employer's disaster readiness, he also found himself trying to comprehend the corporate devastation.
"I started thinking, what about all those businesses?" recalls Rudzinsky, CIO at Hologic, a $1.7 billion medical device company based in Bedford, Mass.
Many companies had refined their IT disaster recovery programs prior to 9/11, but the attacks exposed a lack of attention to continuity of business operations, says Roberta Witty, research vice president at Gartner.
"What happens when you lose your workforce? What if you don't have a building to go to anymore? How do you get in touch with your employees? How do you keep track of injured people? How do you shift work from one location to another?" Witty says. "Companies realized that all they had was an IT disaster recovery program. They had to focus on the business side of house, to a great extent."
The 9/11 attacks showed the world that the worst possible scenario can actually happen, says Bill Swislow, CIO and senior vice president at Cars.com in Chicago. "We understood what that kind of event could do, that it could shut down the downtown of a city for days at a time."
Since 9/11, Cars.com has focused more attention on disaster recovery and continuity of operations. It now has access to a remote office site in the event that its downtown Chicago headquarters is inaccessible, for instance. "We've thought much more about loss of physical access, and we have a plan that tries to address the situation if there's no central office for people to go to," Swislow says.
Among the changes Hologic made following 9/11 was to move key applications including its ERP systems to a hosted data center facility. The data center provider has more expertise implementing state-of-the-art disaster recovery plans and technologies, Rudzinsky says. "We're in the medical device business, not the data center business."
Hologic also has enabled more of its workforce to telework in the event of an emergency. "We certainly need manufacturing and operations people to get to the factories, but a lot of the other business functions are enabled now to work from just about anywhere," Rudzinsky says.
Before 9/11, Hologic's disaster recovery preparations were about satisfying corporate auditors. Now it's a more strategic priority, not only for IT but also for the company's top executives.
"As a small startup, we were more risk tolerant. As we've become a larger, public company, we're a lot less risk tolerant," Rudzinsky says. "On our IT agenda and our business agenda every year, IT risk and security keeps climbing."
Sign up for CIO Asia eNewsletters.