The headlines are already full of major storms hitting both U.S. coasts, and businesses around the country know that disaster can strike at any time. Storms, fires, floods or malicious activity by hackers can bring key systems to their knees in minutes. Without the right plans in place, your organization can struggle with everything from contacting customers and employees to bringing key services back online.
Creating a disaster preparedness plan and then leaving it static until a disaster occurs could be setting your organization up for failure. According to the Insurance Information Institute, 40% of businesses don’t reopen after a disaster – and another 25% fail within a year. Mid-size organizations can increase their resiliency by investing in the right level of preparedness now. Here’s a quick guide on how to stress test your disaster preparedness strategy now and make improvements where necessary. It’s a small investment of time that can pay big dividends when disaster strikes.
Updates: It All Starts with Being Current
One element of a disaster recovery plan starts with building components into the plan for regular review, updates and management. For example, if your employee contact list is more than a few months old, it may list the wrong employees in specific positions or contain out-of-date contact information. Create a schedule for reviewing and updating plans on a regular basis. Monthly, quarterly or annual reviews may be appropriate depending on your organization’s needs. Some common areas that may need to be updated include:
- Employee information
- Customer information
- Key IT systems
- Available equipment lists
- Plans for communication and dealing with physical office issues
Testing the Essential Parts of a Disaster Plan
Once you’ve taken the time to make sure that the basic information in your disaster preparedness plan is current, it’s time to test the different elements for how they are working. These include:
Communications plans: When disaster strikes, communication is essential. How will you let employees know whether to come in to work or to work remotely? Will you use social media, phone calls or other methods to connect with customers? Consider testing your communications plans to identify realistic speeds and troubleshoot issues that may arise.
Essential equipment: What steps do you have in place to deal with physical plant or facilities aspects of your business? For example, generators may be required in the case of a power outage. Regular maintenance is no doubt a regular part of your plan. However, take the time to assess whether these essential pieces of equipment will meet your needs and function well under stress.
Disaster recovery: Getting your IT back online after a disaster may be one of the most important parts of your preparedness planning. Assess your recovery time objectives. How will you get your data, applications and systems back online? Does your plan provide a solution, such as a disaster recovery plan that can implement virtual environments if your physical hardware is damaged or inaccessible? How long is reasonable for different systems or data to be offline, while minimizing impact to the business?
Emerging threats analysis: Your disaster plan likely outlines a range of threats, from storms to hacks. However, different factors influence the landscape and change over time. Revisit your threat analysis. Are those outlined still reasonable concerns? Should anything be added? Does the likelihood of something occurring, such as a hacker attack, need to be assessed in light of changing dynamics?
Holistic drills: Put it all together. Consider running contained drills on an annual basis — not just to test individual components, but to see how your disaster preparedness plan works as a whole. If there are gaps or pieces that don’t work seamlessly together, drills may help call attention to these issues so they can be addressed before disaster strikes.
Don’t Overlook Staff Training
A plan is only as effective as the individuals who are prepared to carry it out. Your review and test should involve evaluating the training that’s needed to support a disaster preparedness strategy. Here are some points to consider:
- Broad training for the entire company, so employees understand basic procedures to follow in case of a crisis
- In-depth training for your most important responders, who might include customer service, executives, IT and others
- Annual or regular courses to revisit training and ensure that the latest plans are understood by everyone involved
- Gap-stop training for new hires and people who may not have been part of your original organization-wide session
The Importance of Feedback Loops
Build time into your disaster preparedness plan to conduct a post-mortem on how everything went. Don’t just test for formal metrics. Ask staff for their feedback. Were there roadblocks or issues that were hard to account for through formal channels, but should be considered? For example, one company had an office manager whose job was to call everyone after a major emergency, but the plans didn’t account for what she should do if her home connectivity was down. These small factors can make all the difference in your plan’s effectiveness when time is of the essence. Take the time to carefully assess all the insights you can gather. You’ll be able to update your plan, develop contingencies and find workarounds to pervasive problems. Capturing these insights into your documentation will allow for measurement and continuous improvement over time.
You’ve created a disaster preparedness plan — and that means you’re well ahead of any emergency that strikes. However, disaster preparedness is an ongoing commitment. Put plans in place to keep your strategy updated, and regularly test the key components of the system. By spending time reviewing these essential elements of business, you’ll be in a strong position to successfully weather any storm.