Given the current world-wide tensions, and risks of terrorist attacks, I feel that it is appropriate to address the issue of contingency (disaster) planning.
This is one area often overlooked by organisations. However, it is an area which they can ill afford to neglect. A major disaster such as a fire, bomb attack or flood can threaten the ongoing activities and profitability of the organisation; either directly by destroying or incapacitating an office or factory, or by disrupting the activities of key suppliers of eg IT, telecom or raw materials.
Adequate contingency planning should ensure that the organisation can continue to function and be able to process orders and transactions etc, in the event of a disaster outside of its control; eg a fire destroying the mainframe or a bomb destroying a key piece of infrastructure.
Key features of effective contingency planning include the following:
Ensure that members of the organisation know what procedures to follow in the event of a disaster, ie there should be a written contingency plan, copies of which are distributed to all members of personnel.
There should be of a list of off site telephone numbers from where to obtain instructions as to what to do.
There should be a team of managers assigned the task of managing the disaster.
Accommodation should be available, eg spare offices or a hotel off site, where telephones and computer cables etc can be installed in a relatively short period of time.
Spare capacity on an off site computer should be available; either using the mainframe of another unit within the same organisation, or a third party machine on which the right to access is purchased by an annual fee.
There should, at least once a year, be a practice disaster to ensure that the plans do operate as expected. The results of the dry runs should be analysed and any improvements arising from them be implemented, and communicated, to the employees as soon as possible.
I have put together a “high level” checklist below which provides a good starting point for organisations wishing to review the effectiveness of their contingency planning. Areas which are found wanting should be addressed.
1. Have all assets that are essential to the continuation of the business been identified; eg staff, equipment, intellectual property, materials and telecommunications?
2. Have the potential costs and impact of not having a business continuity plan been identified eg lost business, legal implications, credibility?
3. Is there a disaster team (membership to include HRM, building facility manager, building security manager, communication manager, key user management representatives)?
4. Is there a list of personnel authorised to declare a disaster?
5. Are there procedures in place to mobilise the disaster team?
6. Does each member of the team have primary and secondary contact numbers?
7. Does each member of the team know his/her duties?
8. What are the notification procedures for communicating to members of staff during a disaster?
9. Does every member of staff have procedural documentation for what to do in a disaster?
10. Is there a list of contact numbers for members of staff to use in the event of disaster?
11. Is there an alternative site to use in the event of non accessibility to normal site caused through eg fire, power failure etc?
12. Does this alternative site have adequate facilities for IT, telecommunications etc?
13. Do personnel have maps/directions to the alternative site?
14. Is there insurance cover for both loss of income and costs of business resumption?
15. Is there suitable power back up, eg on site generator, in the event of a power failure?
16. Are all IT back up procedures re software and hardware adequate in the event of fire, power failure etc? Bear in mind power failure may occur, when no one is on site to shut down the systems.
17. Are all key back up documents, tapes, discs etc stored offsite in fireproof waterproof containers?
18. Is there a procedure, and person responsible, for communicating to the press etc during the disaster?
19. In the event that the normal business site cannot be used during the disaster is there adequate security to prevent unauthorised access?
20. Have compliance certificates been obtained from third parties eg banks, utilities, landlords, warehouses and suppliers?
21. Are there documented procures that detail how to obtain emergency funds in the event of disaster, eg collapse of the local banking system?
Do you know what to do in the event of a disaster? Should you work for an organisation where there are gaps in the contingency plans, then draw their attention to this checklist.