It's not every day that a CIO finds himself in a position to help his company through a major public relations nightmare. A few years ago $2 billion Potomac Electric Power Co. faced a public outcry over accusations that the Washington, D.C., utility was giving customers in the tony suburbs priority over inner-city customers when it came to fixing power lines downed by storms. Concerned citizens took their case to a Washington commission, which began an investigation.
As general manager of computer services, Ken Cohn was the utility's highest-ranking IT executive. He went before the commission to show how the company prioritizes outage repairs. When a resident calls to report lost power, the mainframe-based system maps the outage and tracks the problem to the local generator. It brings up a schematic of all the homes and businesses likely to be affected. Finally, taking into account mitigating factors (simultaneous problems, the number of people affected and whether there's a live wire on the ground), the system dispatches repair crews.
After seeing a demonstration, commission officials were satisfied that the utility was dispensing service according to a fair system. "We were able to prove that the power outages were being fixed on the basis of established priorities rather than by neighborhood or income level of the residents," says Cohn. In the eyes of Potomac Electric's executives, from the CEO to the public relations staff, Cohn was a hero for his quick action in averting further erosion of consumer confidence. Cohn was understandably proud of his information system's ability to demonstrate the integrity of the company's business practices.
On any given day, your company can be struck by the unexpected. Potential catalysts include business reversals, weather conditions and catastrophic product defects (witness the recent deaths from defective dialysis tubing and tainted juice). In a heartbeat, your executive colleagues' workload is tripled. They need to solve the problem, handle the media and the public's perceptions and, oh, by the way, keep the company running. To do that, they need information. And who keeps the keys to the information? You.
As custodian of corporate data, "the CIO is uniquely positioned to support the crisis management effort. Information serves as a basis for developing the game plan" before, during and after the fact, declares Larry Kalmis, director of business continuity solutions at Bell Communications Research Inc. (also known as Bellcore) in Morristown, N.J.
The key hearkens back to scouting days: Be prepared. When unexpected events occur, tempers flare and stress levels soar. No one is operating at optimum mental capacity. That's when the CIO needs to step in. Information helps cut through the confusion and keeps the business running. We talked with IT professionals and consultants who've dealt with crisis in both theory and practice. Their consensus for survival: With a team and a plan in place, you can work wonders.
Putting Together the Team
The heart of any crisis management plan is the group that will take over when an event is underway. Experts agree the team must be multidisciplinary and have representatives from IT, operations, public relations, human resources and security. The CIO should not head the team, suggests Barbara Reagor, senior director of risk management solutions at Bellcore. "We look at the CIO as being the team champion, not the team leader. The leader needs to be at a different level," she says.
Depending on corporate culture, that person should be the CEO or COO. If the crisis is of high public profile, it will likely be the CEO who must step in and calm the public fears. "It is important that management as a whole realizes that at the time of a crisis, be it a physical event, disruption of facilities or a PR event, a different organizational structure takes over to manage the problem. That should be a functional structure as opposed to a departmental one," says Kalmis.
Along with identifying the crisis leaders, the team must also figure out who will keep the business operating during the situation. For example, in 1991, just minutes after a gunman opened fire on patrons at a Luby's Cafeteria in Killeen, Texas, the CEO said he would handle the crisis and turned the rest of the company's operations over to his second in command. "That was wise because you can't focus on both the crisis and the day-to-day duties," says Kalmis.
At the same time, it's also important to remember that sometimes crisis response can be handled within your own department. As CIO, you may be called upon not just to facilitate the spread of information but to engineer a major change in the way the company does business. In the middle of last year satellite dish provider EchoStar Communications Corp. faced a major crisis when a deal between the company and media mogul Rupert Murdoch went sour (the failed deal is now the subject of litigation). In the months leading up to the collapse of the deal in April, EchoStar had altered its business plans in reliance on News Corp.'s promised $1 billion investment. With the additional capital gone, the company needed to regroup.
"Just about every analyst on [Wall Street] gave us only a few weeks to live," says Tom Ryan, CIO of EchoStar in Littleton, Colo. It became clear to corporate executives the company would need to take radical action in order to stay afloat. Recognizing that cost was the biggest barrier to getting new satellite dish subscribers, the company cut the consumer's upfront investment from $499 to $199.
To make the new deal profitable for both EchoStar and its dealers, EchoStar had to adopt a new commission structure. The whole company mobilized to develop new dealer agreements, marketing materials, point-of-sale materials and other campaign matter, all targeted to roll out on June 1, which was less than four weeks away.
Ryan was a central figure in making the new deal work, since it required developing a new application for calculating payments to be distributed weekly to dealers based on activation of the satellite receivers. The requirements were steep: The new system had to be able to analyze account information for over 1 million receivers and generate thousands of commission payments each week. To avoid having to print and mail all these checks and statements each week, Ryan's team conceived a secure Web site where dealers could access payment information and receive electronic transfer of funds.
"Using a traditional approach of requirements definition, system design, development, testing and deployment would have taken months. We had to have the first components deployed within three weeks," says Brian Carnell, senior NT administrator at EchoStar. "Under [Ryan's] direction, we tried something different."
The IT team abstracted the requirements rather than going through a lengthy formal requirements definition process. Then the team defined an object-based environment that encapsulated the core functions, whose behavior could be modified through the definition of business rules. Because this approach minimized the amount of code the team had to develop, they were able to meet the June deadline.
Consider, too, the situation at American Airlines Inc. Naturally, Vice President and CIO Scott Nason is reluctant to talk about how the airline handles tragedies like hijackings and crashes. But at the same time, his team plays a substantial role in keeping customers happy when the unexpected occurs. That frequently involves weather. In the spring of 1995, a monstrous hailstorm hit Dallas/Fort Worth International Airport, damaging 55 planes on the ground so badly they were grounded for repair work that lasted from a few days to several months.
The damaged planes represented about 8 percent of the company's 641-plane fleet. Their absence wreaked havoc on a schedule that encompasses some 2,300 daily flights. Rebuilding the flight schedule on such a large scale heavily taxed the company's computer systems and processes, says Nason. "It's an intensive process that would be impossible without all kinds of processing and models," he says. The shuffling involved doing something American Airlines officials understandably hate to do--cancel flights carrying confirmed passengers, especially the frequent flyer club members, whom they view as the creme de la creme. "We do care more about our better customers. We've learned to provide extra special care to them," says Nason.
When passengers are severely delayed by weather or other disruptions, Nason's staff marries the operations database with the frequent flyer database to determine which of the best customers were affected (this was not done in the case of the hailstorm, however, because the severity of the storm was obvious to anyone traveling that day). Then the staff contacts those passengers, either by phone or letter, and offers apologies and in some cases additional frequent flyer miles for their trouble. This goes a long way toward nipping negative traveler feelings in the bud.
While there are situations that can be handled solely by IT, it's still prudent to have a crossfunctional team in place. Since the team will be working closely under high-pressure conditions, it is crucial that team members work well together and can handle high amounts of stress. "When a crisis strikes, and it's a physical phenomenon, you're not going to be at your best," says Kalmis, noting that there can even be such primordial reactions as "fight or flight," where blood rushes away from one's head. "Given a choice between a sophisticated crisis command center with lots of technology or a management team [with members who] trust each other, I'd take the latter" because a team that works well together under pressure will gain control of the situation much more quickly, says Kalmis.
Grace under pressure is hard to gauge in advance, so Kalmis and Reagor suggest having a dress rehearsal to see how everyone reacts; crisis management exercises are among the business continuity services Bellcore offers. These range from a paper study of an event to a prearranged drill to an unannounced fake emergency.
Jeffrey G. Williams, who runs seminars covering disaster recovery planning and crisis management, says the stress-testing process is no different from training a volunteer firefighter, another activity he's been doing for years. "We used to put the fireman in full gear with a bag around his head and a tape playing with the sounds of the fire and a child saying, 'Daddy, save me.' The firemen who were young parents couldn't stand it. You have to find out who can do it and who can't," says Williams, president of Binomial International Inc. in Ogdensburg, N.Y.
Putting Together the Plan
For IT executives who have experienced and managed a crisis, there is nothing hypothetical about crisis management. Once they've survived their baptism by fire, the next order of business is to set up the crisis communication plan, which establishes a protocol for communicating during the crisis. This duty falls directly to IT, says Paul D. Porter, CEO of The Security Board in Minneapolis, because the CIO generally oversees all the systems--computers, phones and mobile devices--that enable communications. "Those systems are critical. It's not just a matter of getting the computers up and running during a crisis, it's a matter of where's the command center, how to feed information to executives at home," he says.
The need for crisis planning was etched indelibly on Michael Magee's mind on a summer day in June 1995 when he worked as a network manager at BTI (Business Telecommunications Inc.) in Raleigh, N.C. Around noon, a bomb sent by a disgruntled ex-husband exploded on the fifth floor of the building, seriously injuring two employees, one the target of the attack. Magee was on the ninth floor at the time.
"The whole building shook [as if] someone ran off the road and hit the building," says Magee, now an IT manager at Strategic Technologies Inc., a systems integrator in Cary, N.C.
Minutes later the authorities evacuated the building. Then the realization began to dawn that the company was unprepared for such an event. Over 500 panicked employees were baking in the midday sun of the parking lot, not yet knowing what caused the explosion or who was hurt. "It was pretty chaotic," says Magee. Finally, the CEO got up on a bench and gave impromptu instructions. For his part, Magee was charged with setting up an emergency call center at an employee's house. The FBI and the Bureau of Alcohol, Tobacco and Firearms would not let anyone back in the building for three days.
"We did recover our business operations, but we lost valuable time. With a good plan, you would have copies of the plan offsite and teams and backups would already be organized. This was an awakening for me. I've become an evangelist for these plans," says Magee. So much so that when he moved to his current job, he asked about the company's crisis preparedness. In response to his question, the CIO promptly put him in charge of crafting the plan.
Since not all crises are confined to business hours--as Magee's was--IT executives must gather contact information that goes well beyond routine business contact information. "The challenge is finding where everything is and how we get the most important information to the [team members] quickly," says Porter. "To get ahold of people under a variety of unusual situations where you need quick answers is paramount. Things have to happen right now."
Executives may well chafe at having to hand over their personal data such as home phone numbers, pager numbers, addresses and contact information for their closest relatives. The CIO should impress upon them the importance of this information, says Porter. Then, he advises, "gather the information and keep it in a sealed envelope to be opened only in a crisis."
Along with the crisis communication plan, Bellcore's Kalmis and Reagor also recommend putting together a management succession plan, which spells out the chain of command if someone is unavailable. CIOs should plan to update this information at least twice a year, they say, because personnel information is so changeable. "The document will evolve according to how your company evolves. The CIO is the one holding all this together. The CIO has the information to make this a living plan because he is the best source of information," says Reagor.
Tag, You're It
Whatever the nature of the disaster, as guardians of the corporate data, CIOs are in a position to lead the company out of crisis. Certainly, it's understandable that you might be reluctant to take on crisis-planning duties that transcend traditional data disaster recovery. "From the CIOs' side of the fence, they're under pressure on technical matters like delivery of systems. They have a challenge even staying up with the typical questions of disaster readiness under their own purview," like data backup and redundancy, says Porter.
But those CIOs who do take charge--or at least take part-in business continuity planning garner additional respect from the rest of the business team. On a good day they can also be the heroes, like Potomac Electric's Cohn. "Of all the officers, the CIO can make sure that the information is provided to the crisis management team, both in the assessment and response phases," says Bellcore's Kalmis. "But don't wait for an event to communicate. Start management talking today." As with any emergency, the time to prepare is now.
Lauren Gibbons Paul is a freelance writer in Belmont, Mass. She can be reached at laurenpaul@sprintmail.com. Additional research by Senior Editor Howard Baldwin.
An Ounce of Prevention
The Web puts a new spin on crisis communication
Come in all kinds of packages. Consider the situation facing beverage maker Odwalla Inc. when several children were sickened--and one died--when they drank juice exposed to E. coli bacteria. The company had already contracted with its public relations firm, Edelman, for help. According to Matthew J. Harrington, crisis sector and general manager in the company's San Francisco office, Edelman had created a "dark," or inactivated, Web site that Odwalla could customize with brand information and, in this case, the latest news and reassurances for anxious parents. Because the structure of the Web site was already in place, Odwalla was able to speak directly to consumers about the crisis the same day that the news broke. The site received more than 20,000 hits in its first 48 hours.
The practice of keeping a Web site "on ice," ready to be filled in with crisis-related content at a moment's notice, could be one of IT's best weapons in an arsenal of preparedness. Just as newspapers write celebrities' obituaries before they die, this practice lets companies respond to events in the fastest possible way, says Kevin Rowe, president of Eagle River Interactive Inc., which, like Edelman, will help CIOs and other executives set up a dark Web site to be used in an emergency. "Creating a Web site on demand overnight is nearly impossible. It wouldn't be professional-looking. You don't want it to look like it was just thrown together," he says. The service includes hosting because, Rowe notes, most Web servers don't have the capacity to handle a huge glut of surfers during a crisis. Eagle River charges $6,000 to set up a Web site; a launch costs another $6,000.
Because Eagle River has only recently launched its service, no customer references are available. But Rowe envisions a broad array of applications. For example, the site could offer reporters the ability to be automatically paged or sent an e-mail message if information on the site changes. Grim as it is to imagine, an airline might want to build a site on which users could enter a relative's name after a crash to see if he was on board. The site could include video clips (such as the company CEO being interviewed on CNN) and other resources such as Securities and Exchange Commission documents, says Rowe.
--L. Gibbons Paul
|
