Begin With The End In Mind – Elements Of An Effective Crisis Management Plan
When creating a business continuity (BC) or disaster recovery (DR) plan, I say “begin with the end in mind.”
A BC / DR plan’s primary goal is to help prepare an organization so it can respond to and fully recover from any disaster, as quickly as possible. But how many actually get to the end with a fully functional integrated easy to use crisis management plan (or Incident Management, Continuity of Operations Plan)? How many still have a big thick binder with multiple pages you have to flip through to find the information you need?
The point of this article is to map out elements of an effective crisis management plan with the goal of helping you avoid recovery delays and potential financial or operational disasters. Having an effective crisis management plan with each action mapped out prior to an incident is essential. Without it, your emergency response might lead to catastrophic consequences for your employees, your business and your customers.
An effective Crisis Management Plan should:
- Detail every action and decision that needs to occur in each phase of an incident, from the time an incident occurs, to the re-direction of personnel to alternate facilities, business recovery and IT recovery to the return to “new” normal business operations.
- Have action plans that are role or team-based so each user knows what they are supposed to do.
- Automatically document all actions and status information that has occurred. Have real-time tracking of an incident by allowing Response / Recovery Teams to input whether each of their assigned tasks has been completed. The Incident Log should have a time-stamp for each activity and associated user who performed the activity. Additional tasks and decisions should be able to be manually entered into the Incident Log. Not every needed task can be thought of in advance.
- Allow IT and Facilities Managers to update the status of any non-operational Critical Support Components such as damaged buildings, equipment, applications, personnel and vendors or third parties, which will then automatically determine the idled critical business functions in the business departments.
- Based on idled critical support components the proper Business Recovery plans should be easily accessible with the necessary information to begin recovery efforts.
- Allow for indicating server availability and linked technology components which are critical during an event, as many business functions and processes depend on one or more servers. Updating a server’s status to degraded performance or down will help pinpoint if critical systems have been impacted by the incident and help direct recovery efforts.
- Make it easy to access the correct IT Disaster Recovery Plans based on which infrastructure components have been idled or destroyed.
- Contain detailed documentation such as operating procedures, policies, evacuation and security procedures, damage assessment forms etc. that can be accessed immediately.
- Contain various call trees and vendor contact lists.
- Provide all the information needed to perform the post event evaluation and lessons learned to enhance performance for future improvements and to provide compliance evidence.
- Be able to be used for exercising the plans.
So are you there yet? Do your efforts reflect all the elements of an effective crisis management Plan? Have you moved from the old paper based plans to an interactive plan that begins with the end in mind?
I hope that is the direction you are heading. If not, where are you getting stuck? What’s impeding your progress? Have I missed anything? Let us know in the comments below and I’ll get right back to you.