Are you prepared for…anything?-Part 1
This is the first part of a 4 part series on writing a Disaster Recovery Plan (DRP). And a well written, and implemented, DRP is a crucial element to avoid lawsuits and public relations nightmares.
Every single disaster you may encounter needs to have its own section and emergency protocols in it. You can certainly adapt sections from other areas, but ensure that there is no confusion. And while there are innumerable disasters that cause your company to lose money and productivity, there is one thing you need before you can actually start writing your plan. A threat assessment, security/site survey, or risk analysis.
The basic reasoning for spending these financial resources ‘so foolishly’ is simple. If you don’t know what your risks are, then you’ll spend resources foolishly protecting against the wrong thing. Then when the real disaster hits you’ll be standing in the rain without an umbrella.
The criticality of whatever you need to defend is also of paramount concern. What is the most vital and critical areas of your business that needs to be protected & secured. You also need to assess the probability of such an incident happening. Sure a hurricane can be totally devastating. But is it really going to occur?
Your probability analysis has to be reassessed if things change. I’m sure you remember the old cliché; the only thing around here that never changes is the amount of change. Circumstances change constantly, no one storm is ever the same, nor does it travel the same path. And the same holds true for every single natural disaster in the world.
Likewise there is no one incident or event that is man-made that is ever the same. Certain things remain constant enough to plan for. And certain things are still done the same way. But nothing will ever happen exactly the same way twice.
Here is a list of the potential disasters, both natural & man-made, that your company might face. You have to decide which ones are the most likely in your area of the country/world as well as the probability of it occurring. And please remember that a disaster can, and usually does strike without much warning, especially with a man-made disaster.
- Earthquakes-live in the ‘ring of fire’?
- Tornadoes or hurricanes-live in the Midwest, Gulf or east coasts?
- Large scale vandalism that shuts down your business for days, weeks, or months
- Terrorism-always a possibility in these days
- Fires-whether accidentally or arson
- Active shooters-WPV can be a very real threat to any business
- Chemical spills-working with hazardous chemicals…
- Food contamination-this can be devastating for either a restaurant chain or manufacturer
- A large scale computer breach-this will adversely affect your customer relationships
One of the major concerns in writing a DRP is the simplicity of the plan itself. While it may be of great importance by your legal department to have legalistic wording, contractual clauses, & etc., it really isn’t necessary, despite what they tell you. As with your policies & procedures, it needs to be simple and easily read and understood by everyone, including those on the production floor. And that means keeping it simple, succinct, & not verbose and keeping it at a 6th (8th at the highest) Grade level.
This is especially true for the parts that will receive general distribution throughout the company. Your employees who have been designated for certain responsibilities only need to have the relevant sections of the plan. And while they need to know how important their part is overall, they don’t need to be burdened by the entire thing. You can always keep a full can complete DRP in your main office for perusal by anyone at their convenience.
On the other hand, c-suite management needs to have a full and complete copy of the DRP. And they need to understand it and how to implement it as well, no matter the cost in time and energy. The expenditure in those areas will pay dividends later. And if your legal department demands all of those legalistic, contractual clauses, & etc. then it will be kept at the C-suite level.
First of all I would propose 3 groups of people in your plan. Each set will be responsible for a separate unit of action after the disaster strikes. Now each of these groups will have responsibilities within your DRP and they must be allowed to carry them out. As with other posts I’ve written in the past, fiefdoms must be put aside and everyone work together for the betterment of the entire company and its employees.
The remainder of the posts in this series will cover those 3 sets or people and other areas that should be considered vital to your business survival. This will be a time consuming and detailed oriented project. It should take about 6 months of intensive study and planning to achieve results. But waiting any longer than that puts you at risk of…
Robert D. Sollars is a recognized expert on security issues, specifically workplace violence. He’s spent nearly 33 years in the security field. Visit his Facebook page, One is too Many, where you will read about other items related to security & WPV issues. Or be a twitter follower at @robertsollars2.
I May be Blind but my Vision is Crystal Clear