Governance, Risk & Compliance: GRC
The 3 Key Elements of an Effective Crisis Management Plan (Actually, there’s 11)
Validate your disaster recovery plan with our new business continuity plan checklist.
When creating a Business Continuity (BC) or Disaster Recovery (DR) plan, “begin with the end in mind.” After many years working with organizations, SAI360 has developed a checklist to evaluate the completeness and maturity of their business continuity plans. Companies that develop business continuity plans that check these boxes can be sure that their plans will support them effectively in times of crisis.
A BCP/DR plan’s primary goal is to help prepare an organization to respond and fully recover from any disaster as quickly as possible. But many organizations get to the end of this process without a fully functional, integrated, and easy-to-use crisis management plan. Some still have office closets full of black binders with titles like “2018 Incident Management Plan.” Those dusty binders didn’t help anybody when the pandemic hit organizations in 2020.
SAI360 created this checklist of elements that comprise an effective crisis management plan with the goal of helping organizations avoid recovery delays and potential financial or operational disasters.
Having an effective crisis management plan, with each action mapped out prior to an incident, is essential. Planning with cool heads before a crisis will always pay off in the heat of incident management. Without it, your emergency response might lead to catastrophic consequences for your employees, your business, your brand and your customers.
Does your crisis management plan…
- Detail every action and decision that needs to occur in each phase of an incident, from the time an incident occurs, to the re-direction of personnel to alternate facilities, business recovery and IT recovery to the return to “new” normal business operations?
- Have action plans that are role or team-based, so each user knows what they are supposed to do and in what sequence?
- Contain calling/texting trees and vendor contact lists as well as methods for keeping these lists up to date over time?
- Contain detailed documentation such as operating procedures, policies, evacuation and security procedures, damage assessment forms, etc.?
During an incident, does your crisis management system…
- Remain easily accessible with the necessary information to begin recovery efforts, even with idled Critical Support Components?
- Automatically document all tasks and decisions during an incident as they happen, with as little effort as possible?
- Provide real-time tracking of an incident by allowing Response / Recovery Teams to input whether each of their assigned tasks has been completed.
- Have an Incident Log with timestamps for each activity and associated user who performs the activity.
- Allow additional tasks and decisions to be manually entered into the Incident Log.
- Allow for indicating server availability and critical linked technology components? Many business functions and processes depend on one or more inter-related servers. During an incident, updating a server’s status to “degraded performance” or “down” can pinpoint critical systems that have been impacted by the incident and help direct recovery efforts.
- Allow IT and Facilities Managers to update the status of any non-operational Critical Support Components such as damaged buildings, equipment, applications, personnel, and vendors or third parties, which will then automatically determine the idled critical business functions in the business departments?
- Make it easy to access the correct IT Disaster Recovery Plans based on which infrastructure components have been idled or destroyed.
After an incident, does your crisis management plan…
- Provide all the information needed to perform the post-event evaluation and lessons learned to enhance performance for future improvements and to provide evidence for compliance audits.
- Remain complete, up-to-date, and flexible enough to be used to testing and exercising the plan.
So, are you there yet? If you haven’t moved from a paper- or spreadsheet-based DR plan to a modern business continuity management platform, you are setting yourself up for failure.
Going through this checklist is a good place to start putting your new plan together. Businesses that have already moved their BC/DR plans online need to have the people and processes in place to regularly stress test and update their systems and data.
Learn about SAI360's solutions for disaster recovery and business continuity management.