Patch the Roof Before the Storm: How to Prepare for Disaster Recovery
|You can’t predict the weather, but you can predict your reaction by pre-planning disaster recovery efforts.|
When is the best time to fix your roof: after the rain stops, during the rain or before the storm? Pre-disaster planning can serve to support and sustain disaster mitigation and recovery efforts, if created well in advance of any disaster or emergency. By discovering the “leaky roof” in your emergency plans before the emergency, you have the option of repairing the holes in your recovery plan rather than being forced to apply the security equivalent of a tarp or a bucket to mitigate the damage.
In April 2011, Presidential Policy Directive 8: National Preparedness identified five mission areas as prevention, protection, mitigation, response and recovery. For a security department, the first four mission areas are foundational elements. Many departments may believe the fifth isn’t one of their prime responsibilities, but let’s look at recovery from a different perspective.
We have seen the images of widespread devastation shown by national news agencies following earthquakes, tornadoes, wildfires and floods. The security department can be a guiding light through these natural disasters, terrorist attacks, pandemics and challenges of a significant industrial or technological accident. Regardless if the victim is an employee, a customer on company property or an individual off the street seeking shelter, the security department must be the voice of reason. But how does recovery fit into this matrix of capabilities and roles?
First we must define disaster recovery. In September 2011, the Federal Emergency Management Agency (FEMA) released the National Disaster Recovery Framework (NDRF) to help guide, structure and support a nation, community and business recover from large-scale disasters. In reality the decisions made and priorities set early on will have a profound effect on the nature and speed of the recovery progress.
|Video: Axis Camera captures tornado damage http://bcove.me/ank1w5gz|
For a business, the formula is very simple: Time means money, and the shorter the recovery process, the greater chance of business resumption, survival and successful recovery. Unfortunately though, statistics paint a very dismal picture of survival when a business is impacted by a natural disaster. A survey by the Florida Insurance Council indicated more of indicated more than 40 percent of businesses never reopen following a disaster.
The NDRF has identified nine recovery core principles including individual and family empowerment, a united effort, resilience and sustainability. Pre-disaster recovery planning is a principle that can be identified, categorized and quantified into an actionable plan. The speed and success of recovery can be greatly enhanced by establishing processes and protocols prior to a disaster.
In short, a successful recovery can be identified as the ability to rebound from losses in a manner that sustains their physical, emotional, social and economic well-being.
Follow these instructions to build an enterprise-wide disaster recovery plan to keep your company open for business.
Include Every Department in the Planning Process
The security department shouldn’t be excluded from participating in pre-disaster recovery planning. All departments should be involved to ensure a coordinated and comprehensive plan is achieved through developing relationships that increase pre-disaster collaboration and unified decision-making. Each department understands its requirements, capabilities, resources and minimum personnel needed to operate essential functions; it just has to share that information with the security team.
Understand Interdepartmental Dependencies
However, each department may not completely identify or understand its intra- and inter-dependencies within the company. Pre-disaster recovery planning cannot be developed in isolation, but must be undertaken as a collaborative effort among all departments and with external suppliers, vendors and service support. When the security department knows and understands the important drivers, equipment and systems within each department, including their dependencies, security has a broader picture of what to protect and can apply the appropriate measures.
Take Advantage of Available Resources
One important step of pre-disaster recovery planning often overlooked is for a company’s security staff to enroll in the Federal Emergency Management Agency (FEMA) Independent Study Program (ISP). The ISP offers free online training courses 24/7.
There are more than 20 FEMA ISP courses of instruction directed towards the private sector, and each can be an important contributing factor to pre-disaster recovery planning. Examples of ISP courses include: Citizens’ Guide to Disaster Assistance, Public/Private Partnership, Protecting Our Home or Small Business from Disasters, and Community Preparedness: Implementing Simple Activities for Everyone.
Learn from Example: Best Practices and Mistakes
Unfortunately, every variable cannot be anticipated. You cannot forecast every action by staff members or the extent of the damage before a disaster strikes, however you have the ability to ask questions of those who have experienced a disaster to understand what cannot be adequately expressed in a news report.
- Call security directors who have experienced floods, earthquakes, tornadoes, etc, to determine which actions were successful or not, where the biggest challenges were, and how they are working to avoid them in the future.
- The Internet is a vast resource at your disposal. Obtain details and accounts of disasters beyond the 5-o’clock news broadcast. What infrastructure was harmed in each disaster? How does it apply to your company? Can you protect it in a way that the victims couldn’t at the time?
- Look at other aspects of the companies affected by disasters—where are the major tripping points? Are there significant communication problems? Were evacuation plans unclear, or was the company unprepared for the number of civilians seeking shelter in the facility?
- Most importantly, don’t let your searching go to waste. Apply your new-found knowledge to your company’s comprehensive recovery plan. Make certain that your security department is prepared to handle the influx of pressure with clear instruction and ongoing training.
Gather Documents for Financial Planning
For the company’s finance department, it is imperative to know which agencies to contact for financial disaster assistance, as well as to understand the criteria to determine if the company can even apply for financial assistance, what forms are needed, having copies of said forms in company files, and understanding how long it may be before the funds may be received.
Sit down with your financial department and discuss the processes that they will face after a disaster, and work with them continually to update recovery documents. If the department always has the most relevant documentation, then no matter when disaster strikes, they will be prepared to apply for assistance immediately, shortening recovery time and getting the business back on schedule.
Being forewarned is being forearmed, which can be accomplished through training, planning, exercise, coordination and applying the lessons learned.
One thing is certain: Once a security department is thrust head-first into a disaster, the department will never be the same again. Each person learns lessons from the uncertainties, bottlenecks, delays and ineffective communication experienced in the event. Stress and uncertainty is a deadly combination that can lead to poor decisions, but with planning comes a clear assignment of roles and responsibilities, identifiable channels of accountability, yielding a resiliency that helps guide the business to recovery.
Do you have any questions, comments, tips or best practices that you'd like to share with the industry? Email us! Send your feedback to Claire Meyer, Security's associate editor, at firstname.lastname@example.org