With so many natural and man-made threats, how can companies prepare? Here are four must-have elements to include in your disaster recovery plan checklist.
Hurricane Idalia. Hawaii wildfires. Flooding in California and Alaska. Severe storms in Illinois, Mississippi, and Vermont. Numerous cyberattacks targeting healthcare, manufacturing, education, and other sectors. More than 400 mass shootings from January through June. The list is just a snapshot of natural and man-made disasters in the U.S. this year (so far).
With so many threats surrounding our organizations, how are we to prepare? When disaster strikes, what are best practices for responding and rebounding from the disruption? In honor of September’s National Preparedness Month, here are four must-have elements to include in your disaster recovery plan checklist.
Start With a Disaster Recovery Plan Checklist
Disaster recovery plans emerged in the 1970s, when businesses began to rely on computer-based operations. Early plans were focused on getting information technology back up and running after a business suffered a disruptive event. These days, disaster recovery plans encompass a much broader set of events and are often a component of a company’s business continuity plan. Business continuity focuses on maintaining uninterrupted business operations. Disaster recovery focuses on getting the business back to safe, normal operations — as quickly as possible.
It’s vital that a business has a disaster recovery plan in place, so when (not “if”) a disruption occurs, everyone knows what to do. To create your plan and checklist:
- Assess the threats to your company. If you’re located on the southeast coast of the U.S., you’re at a higher risk of hurricane impact. In the north, blizzards are more of a threat. In the plains, tornadoes are more common. Global warming is only magnifying the scale of these natural disaster threats. And no company is immune to cyber threats or, sadly, the possibility of an active shooter.
- Outline your response. Identify the people and other resources needed to respond to your greatest threats. Document the steps you need to take to respond to a catastrophic event.
- Create a disaster recovery checklist. Backup and recovery company Nakivo states that a disaster recovery checklist “includes the steps which should be taken in order to rapidly resume business operations before any serious damage is done.” It can also be used as a “quick reference” to confirm that the plan includes all essential components.
- Test and revise your plan and checklist. Tabletop exercises and drills are invaluable to testing your plans and checklists, to identify what actions are likely to work — and what obstacles you may encounter — when the incident occurs. When drills identify gaps or your company’s risk profile changes, update your plan and checklist.
Effective disaster preparedness, response, and recovery is an ongoing process that focuses on these four essential elements: People, Site, Systems, and Processes.
ONE: Prepare Your PEOPLE
To be ready for disasters, your leaders and employees must be trained, skilled, and prepared.
- Disaster Response Manager. If you haven’t already, hire, train, and give authority to a Disaster Response Manager who is certified and experienced in disaster response. This person will be your community liaison and will be your internal point-person for cross-functional awareness, training, and communication.
- Company and Team Leaders. For the protection of your staff, make business continuity and disaster response planning and preparedness part of how you run the business. At least annually, train team members at all levels on how to respond in the event of a disaster. Many companies routinely conduct fire drills and cyber-attack tests. Tornado drills for some and active shooter drills for many should be added to the list.
TWO: Optimize Your SITE
When choosing, designing, and building out your work site, it’s not enough to consider your workflows. Think, too, of what you can do to optimize your operations for a potential disaster.
- Workspace. Where do you keep your inventory, office supplies, machines, files and printed records, and other assets you need for the team to do the work? Are they safe and secure? Plan for how to protect essential papers and equipment. Be sure exit signs are visible and pathways are open for a safe evacuation. Also, be sure team members know where to go to safely wait out a flood, tornado, hurricane, or active shooter, if needed.
- Structure. When you assess your company for vulnerabilities, assess the architectural and structural elements of your building. Especially if you’re in an earthquake zone, shore up areas that need reinforcement — before the disaster strikes.
- Surroundings. Be realistic about your surroundings. Are you in a flood zone? Is there a thick underbrush adjacent to your property? Is your building surrounded by tall trees? Work with community leaders to manage your surroundings. And plan to place sandbags, cover windows, and prime fire extinguishers when a natural disaster is approaching.
THREE: Assess and Manage Your SYSTEMS
Technology systems are often the first that come to mind when thinking about business disruptions. But any system that supports the operation of the building or requires electricity to function should also be considered.
- Information Technology. If you’ve been hit by a phishing, ransomware, or other cyber-attack, move quickly to contain it. Collaborate with internal and external stakeholders for a fast response. For other disasters, you’ll want to be sure your hardware is off the floor and out of the way of rising water or other dangers. If your primary data center is disrupted, shift your work and connections to run through the redundant center (if you have one).
- Utilities and Operations Systems. Heat, power, air conditioning, fire suppression, security, and other operational systems require power to function. If you lose power, you’ll need to shift to back-up power for the most essential needs until electricity is restored.
Four: Keep your PROCESSES Current
Immediate actions in response to a ransomware attack, an active shooter, or an earthquake are very different. Your checklists should be specific enough to respond to each and consistent enough to support fast actions for any incident that occurs.
- Threat Detection and Reporting. In this Forbes article on disaster recovery for IT disruptions, author Rizwan Jan urges, “At a minimum, employees need to know how to report suspicious emails and what other potential threat indicators to look out for.” That good advice applies to any disaster, not just cyberattacks.
- Safety and security. Your processes must prioritize the safety and security of the people in your care. Then, the security of the digital or real property you’re protecting. Communication is key, though the actions for each disaster will differ.
- Incident containment and response. Early actions are meant to contain the incident and stop the damage as quickly as possible.
- Recovery. Processes for recovery kick in once the disruption is contained, with a prime directive of getting the company operating safely and securely, to serve its customers and clients.
Whatever the disaster, consistent and frequent stakeholder communications and collaboration will support a faster, more effective recovery.
As the Federal Emergency Management Agency (FEMA) points out, “Disaster preparedness, response, and recovery is a whole community effort.” You and your team members are all part of a larger community. The more you prepare your team and hone your disaster response plan checklist, the better positioned you’ll be to recover quickly when the next disaster arrives.
If you’re thinking about how to best prepare and train employees — at all levels of your organization — download our Competency Management Toolkit for ideas on building the leadership and workforce skills you need. Or contact us to find out how Avilar’s WebMentor Skills™ competency management systems could support your next steps.
How Competency Management Supports Business Continuity: Q&A Session with Avilar CEO
Workplace Emergency Preparedness: Important Questions to Ask
Ready.gov has preparedness planning resources for businesses, including these toolkits: