
Legal Requirements for Critical Infrastructure - Part 2

Posted by Andrea Short on Apr 3, 2014 12:19:38 PM

Hadley, Baxendale, you and proactive services

In my last blog, I presented the findings of the Hadley vs. Baxendale case, which was decided in England in the 19th Century.  In case you missed it, the court decided that Baxendale had to pay Hadley damages for not delivering goods or services according to an agreement between the two parties.  In doing so, it established a precedent that applies today.  An enterprise that does not deliver can be liable for damages.  The inability to deliver can result from willful neglect or from an accident of some sort.  In today’s IT-intensive operations, that could range from a major disaster to a minor firmware glitch – basically anything that can cause unplanned downtime.

Am I really liable?

Since Hadley vs. Baxendale, courts have further defined the parameters of liability. They are quite large. Naturally, they apply to any formal, legal contract between parties. But they also apply in two other situations:

1. When statutory requirements exist.  Thousands of state and federal laws demand system support and recovery after outage. For example, banks must by law develop disaster recovery plans.  The same Federal law also requires that those plans be tested regularly and updated as needed.  This has expanded to service providers and critical infrastructure such as telecommunications and electric providers.  Other regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act of 2002, and even the USA PATRIOT Act of 2001 require enterprises to deliver requested/required information within specified periods of time.  The inability to respond in a timely manner opens the enterprise up to significant penalties.

2. When common law applies. The source of common law is a combination of court decisions and very old laws. It applies broadly to a number of areas, including negligence and fiduciary responsibility. It covers the “duties of care” a business must exercise towards its customers and shareholders. It also specifies that directors and officers of corporations must act with the prudence due to their fiduciary obligations. This latter requirement applies to businesses of all types and sizes, publicly or privately-held. What it comes down to is this: if you wonder whether you are liable in situations where you can’t deliver goods or services as reasonably expected, you probably are.

Fast recovery may not be enough

Many enterprises have comprehensive Disaster Recovery plans in place to address business and liability concerns. But is that really enough? What about that “minor” firmware glitch that causes an entire rack of blade servers to go down for an hour or two or more? With industry analyst Gartner estimating the average cost of downtime across all industries to be in the $160,000/hour range, even such a small issue can add up to major costs, even without potential liability added in.

Fix AND prevent

That’s why more and more companies who rely on their IT environments are implementing a fix and prevent approach. They use proactive services to identify and prevent many IT issues from occurring in the first place. Reactive services and disaster recovery services help ensure fast repairs in case a problem does occur or a manmade/natural disaster strikes. It’s the smart approach to minimizing both the costs and liability that can result from unplanned downtime.

The right proactive service for today’s x86 environments

The term “proactive support” used to be associated with “high-priced support.”  Not anymore.  HP Proactive Care service delivers proactive and personalized support at a price that is consistent with what you’d expect to pay for x86 support … and not much more than you may be paying now for reactive-only support.  With HP Proactive Care service, you get:
  • Proactive support that helps identify and resolve many issues BEFORE they impact your operations
  • Reactive software and hardware support that resolves any issues that do occur FAST
  • Basic triage and problem identification service for third-party software from major vendors, no matter where you purchased the software
  • Remote technical account manager and technical solution specialists who enhance problem resolution and support planning
A Personalized Support Option is also available to provide you with an assigned Account Support Manager.
I’ll provide you with a cost comparison between reactive-only support and HP Proactive Care service in my next blog.

 

Tags: Security, Business, critical infrastructure, damages, federal law, HP, hpe, legal requirements, state law, Technologies, Virtualization, B2B, legal, liability, sales, Storage, Suppliers
