were adequate to ensure their continued viability. Many larger businesses experienced signifi- cant losses that caused severe long-term damage. The Insurance Information Institute issued a study one year after the attacks that estimated the total damage from the attacks in New York City at 40 billion yes, that’s with a b again. Your general business insurance may not properly cover your organization against acts of terrorism. Prior to the September 11, 2001 terrorist attacks, most policies either covered acts of terrorism or didn’t explicitly mention them. After suffering that catastrophic loss, many insurance companies responded by quickly amending policies to exclude losses from terrorist activity. Policy riders and endorsements are sometimes available, but often at an extremely high cost. If your business continu- ity or disaster recovery plan includes insurance as a means of financial recovery as it probably should, you’d be well advised to check your policies and contact your insurance professional to ensure that you’re still covered. Terrorist acts pose a unique challenge to DRP teams due to their unpredictable nature. Prior to the September 11, 2001 terrorist attacks in New York and Washington, D.C., few DRP teams considered the threat of an airplane crashing into their corporate headquarters significant enough to merit mitigation. Many companies are now asking themselves a number of new “what if” questions regarding terrorist activities. In general, these types of questions are healthy in that they promote dialog between business elements regarding potential threats. On the other hand, disaster recovery planners must emphasize solid risk-management principles and ensure that resources aren’t over allocated to a terrorist threat to the detriment of those DRPBCP activities that protect against threats more likely to materialize. Power Outages Even the most basic disaster recovery plan contains provisions to deal with the threat of a short power outage. Critical business systems are often protected by uninterruptible power supply UPS devices capable of running them at least long enough to shut down or long enough to get emergency generators up and running. However, is your organization capable of operating in the face of a sustained power outage? After Hurricane Andrew struck South Florida in 1992, many areas were without power for weeks. Does your business continuity plan include provi- sions to keep your business a viable going concern during such a prolonged period without power? Does your disaster recovery plan make ample preparations for the timely restoration of power even if the commercial power grid remains unavailable? Check your UPSs regularly These critical devices are often overlooked until they become necessary. Many UPSs contain self-testing mechanisms that report problems automatically, but it’s still a good idea to subject them to reg- ular testing. Also, be sure to audit the numbertype of devices plugged in to each UPS. It’s amazing how many people think it’s OK to add “just one more system” to a UPS, and you don’t want to be surprised when the device can’t handle the load during a real power outage