Lockheed Martin: Disaster Recovery and Business Continuity Plan
Lockheed Martin is a global security and aerospace company. Operating in 18 countries, with over 590 facilities and business locations, Lockheed Martin has over 100,000 employees in US and internationally. A major US Department of Defence and several foreign government contractor, Lockheed Martin is a leading innovator in all four business areas of operation: Aeronautics, Missiles and Fire Control, Rotary and Mission Systems and Space. If anything, security and innovation are central to Lockheed Martin’s mission and vision. Testing – applied consistently and rigorously in all suitability operation environments for legacy and innovative products and services, including for one of world’s most innovative fighters: F35 (Lockheed Martin, 2011) – is a major component in Lockheed Martin’s innovation philosophy and practice.
Testing at Lockheed Martin is, for current purposes, examined from a Disaster Recovery (DR) and Business Continuity (BC) perspective.
- DR/BC Plan: Models, Components & Practice
Global in reach and operations, Lockheed Martin is subject to a broad range of risks. Generally, IT assets are first critical assets companies seek to secure prior to, during and after a disaster. However, IT assets represent only one component – important as is – in a long list of assets a global company needs to protect and, once a disruption occurs, recover quickly. DR/BC practice across industries show five areas of highest priority: (1) Information, (2) Communication Infrastructure, (3) Access and Authorization, (4) Physical Work Environment and (5) Internal and External Communication (Slater, 2015).
To plan for DR/BC, Lockheed Martin needs to spell out six main steps: (1) Establish DR/BC Task Force; (2) Identify Risks; (3) Assess Risks; (4) Define Roles & Responsibilities; (5) Coordinate Efforts; and (6) Practice.
Lockheed Martin has made steps to develop a companywide DR/BC plan. Having identified inconsistencies in company’s DR/BC practices, Lockheed Martin and Software Engineering Institute collaborated in developing a seamless and modular DR/BC plan to help assess potential operation risks at Lockheed Martin. The initiative focused on six main areas: (1) IT Disaster Recovery, (2) Business Continuity, (3) Pandemic Planning, (4) Workforce Continuity, (5) Crisis Management and (6) Emergency Management. Testing different DR/BC models, CERT® Resilience Management Model (RRM) was proven best based on model’s high customizability, scalability and measurability potentials for Lockheed Martin (White, Mehravari & David, 2011).
Based on achieved successes during applying RRM, Lockheed Martin should adopt RRM as a main model used by an established DR/BC Task Force to identify and assess risks, define roles and responsibilities, coordinate efforts and develop practice initiatives and programs.
The DR/BC Task Force should, ideally, include representatives from all four business areas of operation at Lockheed Martin. Using RRM and informed by inputs from different business units, DR/BC Task Force should develop a strategic annual DR/BC plan. This strategic should guide all DR/BC efforts made by all concerned internal and external stakeholders. Moreover, communication should be consistently emphasized in a proposed DR/BC strategic plan since communication is, after all, critical in DR/BC efforts, particularly during a major crisis. There should also be a detailed outline of how all internal and stakeholders should communicate prior to, during and after a crisis. The DR/BC Task Force is also responsible for allocating roles and responsibilities. Ideally, a DR/BC Liaison Officer should be identified in each business unit as a primary channel of communication in her respective business unit or department. This should facilitate coordination efforts, particularly during crises. Typically, risks should be identified and assessed as needs arise and not only as per routine deadlines to ensure more agility in response. For instance, international Lockheed Martin facilities – particularly in hotspots such as Middle East – might need more attention to physical asset DR/BC compared to US facilities which, according to current practice, are much more secure and industry-endorsed (“Five Lockheed Martin Facilities Earn Highest Security Honor,” n.d.). Finally, practice makes perfect. This cannot be overemphasized for a security company and even more so for a DR/BC plan. The constant practice and simulation of actual risks at unit and corporate levels should make Lockheed Martin well prepared for a disaster and/or business disruption event.