Several organizations will go out of business in 2015. Several others will be sued. A number of executive will lose their jobs. Here's one company's story...
2009: Company implements Critical Application software package. For the purposes of this story, it can be an accounting package, inventory, payments package or whatever. Great functionality, ahead of its time. Runs like a champ on Windows XP. Company gets a great uptick in productivity and efficiency. Relations with suppliers and vendors dramatically improves.
2010: Company's "IT person" (it could be a dedicated technologist or just the office manager) finishes the latest patch update to the Critical Application, then announces his resignation. "Boss, everything's up to date. I can now go with a clear conscious."
2011: Company's Finance person upgrades the PC running the Critical Application. The PC came with Windows 7, but he installs Windows XP from his old disk set for compatibility. Later that year, he retires. "Boss, I love it here but it's time for me to move on. Don't worry, I trained my replacement." The replacement, who learned how to run the Critical Application but not how to update it, does her job, thinking to herself, "Gee, I wish they taught me how to update the system and left some documentation, but I guess it's OK because the interface is really easy and it still runs well on Windows XP!"
2012: Company decides to develop a Disaster Recovery/Business Continuity Program! Why? Maybe a customer requested a copy for due diligence. Maybe the Board asked how they were managing risk. Maybe the VP went to a conference. Whatever the reason, they want to do the right thing. So, they hire consultants who produce volumes of spreadsheets, charts, graphs and PowerPoint. The end result is a set of impressive "Code Red" binders and a set of recommendations, among which are:
2013: Critical App Corp is acquired by UberCool, who announces plans to merge the functionality of the old application into their new platform in 2014 and make it available for Windows 8
2014: Microsoft Windows XP support ends Tuesday: Why users need to upgrade -- now
2015: Company experiences a minor emergency situation. Their headquarters is damaged, and some of the office equipment is gone, including the computer that runs the Critical Application. "Quick, the Plan!" They get the binder and start to familiarize themselves with its contents
2009: Company implements Critical Application software package. For the purposes of this story, it can be an accounting package, inventory, payments package or whatever. Great functionality, ahead of its time. Runs like a champ on Windows XP. Company gets a great uptick in productivity and efficiency. Relations with suppliers and vendors dramatically improves.
2010: Company's "IT person" (it could be a dedicated technologist or just the office manager) finishes the latest patch update to the Critical Application, then announces his resignation. "Boss, everything's up to date. I can now go with a clear conscious."
2011: Company's Finance person upgrades the PC running the Critical Application. The PC came with Windows 7, but he installs Windows XP from his old disk set for compatibility. Later that year, he retires. "Boss, I love it here but it's time for me to move on. Don't worry, I trained my replacement." The replacement, who learned how to run the Critical Application but not how to update it, does her job, thinking to herself, "Gee, I wish they taught me how to update the system and left some documentation, but I guess it's OK because the interface is really easy and it still runs well on Windows XP!"
2012: Company decides to develop a Disaster Recovery/Business Continuity Program! Why? Maybe a customer requested a copy for due diligence. Maybe the Board asked how they were managing risk. Maybe the VP went to a conference. Whatever the reason, they want to do the right thing. So, they hire consultants who produce volumes of spreadsheets, charts, graphs and PowerPoint. The end result is a set of impressive "Code Red" binders and a set of recommendations, among which are:
- Take regular backups of systems, including the Critical Application
- Establish a quick-ship agreement for replacing PC's
- Establish workarounds to address the loss of critical applications
- Audit the backups regularly to make sure they are usable
- Exercise the plan, including exercising under realistic conditions
2013: Critical App Corp is acquired by UberCool, who announces plans to merge the functionality of the old application into their new platform in 2014 and make it available for Windows 8
2014: Microsoft Windows XP support ends Tuesday: Why users need to upgrade -- now
2015: Company experiences a minor emergency situation. Their headquarters is damaged, and some of the office equipment is gone, including the computer that runs the Critical Application. "Quick, the Plan!" They get the binder and start to familiarize themselves with its contents
- Day 2: The quick-ship computer arrives one day late. The recovery manager learns for the first time that the backups do not work as expected (remember, they never tested them). They get in touch with the backup Customer Support, who tells them that they will resolve the problem and get a working backup to them within two days
- Day 5: The backups finally arrive - the best the vendor could deliver was two-year-old backups. The recovery manager gets them loaded onto the new PC, after figuring out how Windows 8 works and applying the latest patches. "Error: Critical Application Not Supported by Windows 8, Recovery Aborted". (Remember, Windows XP was phased out, and Company never upgraded or patched the Critical Application) The recovery manager calls the Critical App Corp number in the Disaster Recovery Binder, but the number is out of service
- Day 7: The recovery manager has found an old Windows XP disk set in an old box of supplies. Disk 2 is scratched and unreadable, but Disk 1 runs to completion. "Error: Unsupported Hardware Encountered, Windows XP Cannot Continue"
- Day 8: The recovery manager finally found UberCool's Technical Support Line.
"Sorry, we merged these two products in 2014. We can help you migrate onto the
new UberCool platform, but we cannot guarantee that it will read the file format
from your two-year-old backups" - Day 12: The complaints from suppliers and customers are piling up. "What do you mean, you still can't process our financials? You said the emergency was minor! You even have a Disaster Recovery Plan - you showed us the binder and everything! Your excuses are starting to wear as thin as our patience!"
- Day 18: The recovery manager is still struggling to work out the project plan for the migration to the new system along with the other recovery activities. UberCool has given them a quote for a custom interface to the old backups - premium rip-off pricing but at least it should work
- Day 24: Company's two largest suppliers have suspended service - "Your so-called emergency is hurting our reputation. We have to get our products out by other means". Company's customers are looking elsewhere - "Sorry but we need what we need. We Googled other companies that offer Suppliers' products. Maybe we'll get back to you".
- Day 31: UberCool informs the recovery manager that the interface will be delayed by one month. The good news is that the delay is not on the critical path for the overall migration, which will take 60 days
- Day 32: The contractual penalties for non-performance kick in. Suppliers and the insurance company reject the argument of Force Majeure - "that only apples to a disaster, not a minor situation and the loss of a couple of computers. Sorry!"
- Day 40: Company is featured in a news article: "Hard to Build, Easy to Lose: Why Brand Matters and Why Protect It"
- Day 60: Company's Board and Audit Committee have met...