The widespread use of outsourcing arrangements to cut costs and maximise efficiency has highlighted the need for companies to feel confident that their partners have robust catastrophe risk management plans in place. With many companies contracting out business-critical information technology functions, such as payment processing or applications maintenance, to external providers, the risks to reputation and potential for damage to the business should these services be disrupted by a major incident are considerable.
One information technology (IT) outsourcing provider that has demonstrated its ability to respond to catastrophe is Northgate Information Solutions, a UK company that supplies payroll services to a range of public- and private-sector clients.
In the early hours of Sunday, December 11th 2005, an explosion at Buncefield oil depot in the UK caused the largest fire the country had seen since the second world war. The blast partly destroyed Northgate's headquarters, which was in the nearby Maylands industrial estate, and devastated the servers on which company data were held, causing massive disruption to operations.
"We had 212 customer systems running from the data centre, and we lost all of them," explains Chris Stone, chief executive of the company. "We also had about 450 employees who usually worked from that building, although fortunately, because the explosion happened very early on a Sunday morning, none of them was there at the time."
The company responded quickly, and within an hour of the explosion had set in motion a disaster recovery plan. At 7.30 am Mr Stone had his first conference call with his executive committee, during which he allocated specific responsibilities for each of the different tasks around communication, planning, and contacting suppliers and customers.
With e-mail taken out by the explosion, employees were contacted on company mobile phones by a text message, which pointed them to a website that had been set up to answer essential questions they might have, such as the location of temporary facilities. For many this meant travelling to alternative premises operated by Sungard, the company's disaster recovery provider, and beginning the arduous job of restoring customer systems.
"Having a disaster recovery contract is just like a building block—all it does is tell you that there is a facility that will be ready for you to build all your systems," explains Mr Stone. "Actually rebuilding all those systems is a major undertaking. We had about 150 people working constantly in 12-hour shifts over the next two weeks, rebuilding all the systems and making sure that we got all the essential customer systems up and running."
Customers were kept abreast of the situation by individual account managers, who in turn were briefed by and communicated with sales directors and divisional managing directors. "We worked closely with our customers, trying to prioritise their needs and make sure that we didn't miss a single payroll," explains Mr Stone. "And in the end, this is something that we managed to achieve."
Mr Stone believes that if the company had not had robust business continuity and crisis management plans in place, it would not have survived the Buncefield explosion. "If a disaster like that happens and you are not prepared," he says, "you are never going to be taken seriously by anyone ever again."
As it is, the company has since gone from strength to strength, and in June this year announced that, despite the blast, annual pre-tax profits had doubled to £30.6m. "We lost one contract following the explosion but, in the following ten weeks, we won 60 new ones," explains Mr Stone. "It's pretty clear that when we talk about commitment to customers, it's something that we really mean."
