If you’ve read the headlines, you know the risks are real. From wildfires to raging floods, and corporate fraud to cyber attacks, there any number of ways disasters can take an organization offline. Recognizing these risks is important, but for companies to be truly prepared, they need to have plans in place to protect them before, during, and after an event.
The Three Essential Plans
Planning an emergency response is critical, but it’s not the only step. Organizations must have a Business Continuity Plan in place well before its needed so the company has clear directions on how to continue operations during and after an event; as well as an Emergency Response Plan to help them respond effectively to that specific emergency; and a Disaster Recovery Plan to help the company return to operations as quickly as possible after the dust has settled.
Having these three plans at the ready is not only the smart thing to do; these days, it’s almost expected.
“There’s been a major shift in the private sector in that we’re seeing service providers now being required to show clients proof that they have these plans in place,” says John Stephenson, a senior vice president with FirstOnSite Restoration, adding, “We’re even seeing the requirement for these plans show up in requests for proposals for everything from electrical work to cleaning contracts.”
Traditionally, disaster plans were only mandatory among government agencies, but now both clients and insurers alike are demanding them more and more in the private sector. Of course, says Stephenson, the real motivation for investing in such plans goes beyond compliance: “The risk of not having these plans is you can literally go out of business, because if you can no longer function internally after a disaster, how can you provide your services externally?”
Drafting the Plan
There are subtle yet important differences between each type of disaster plan. Business Continuity Plans, for example, serve the function of providing clear directions on how a company will operate during a major event. They originated in the 1980s when the rise of IT technology such as computer networks, communications systems, and digital infrastructure made it necessary for companies to determine how these increasingly important business components would be protected and re-established during an emergency. Today’s Business Continuity Plans still cover these elements, but also take into consideration leadership structures, staff roles, recovery strategies, and physical assets.
“They’re really designed to keep your essential business running,” explains Stephenson. “They can entail everything from how you’ll keep your communications going to how you’ll pay your staff and continue to serve clients. There are so many different things that can impact a company’s ability to operate going forward during and after a disaster.”
Drafting a Business Continuity Plan requires input from all levels and departments (e.g., human resources and IT) to ensure all staff core business competencies are being taken into account.
Equal considerations are made when creating an Emergency Response Plan. These plans exist to provide the company with instructions for handling an event or specific emergency when it’s happening, and include directions for staff, guidance for crisis teams, and vital contact information.
“Emergency Response Plans are just that – plans that focus on what to do while an emergency or crisis is occurring. They’re all about the tactics in the field, where people need to go, and how staff deal with emergency responders,” says Stephenson.
Disaster Recovery Plans are also self-explanatory and no less critical. After all, the actions a company takes after a disaster will determine how fast it gets back on its feet. These plans will often include instructions on who call for recovery efforts, how a company will function in the interim, and other steps and partnerships needed to continue servicing clients.
Living Documents
Disaster planning never ends. The aforementioned tools are all living documents which must be reviewed and tested on a regular basis to make sure they are still efficient and relevant to the company’s current state.
“Things change. Companies evolve. People come and go. You need to take that plan out once every year or so and go through a live exercise or table top exercise with your team to make sure it still fits,” says Stephenson, “At the end of the day, you want the peace of mind knowing there’s a plan in place if something happens and your clients want to know they’re dealing with a company that will continue to function if disaster strikes.”
John Stephenson is a senior vice president with FirstOnSite Restoration, a leading Canadian disaster restoration company, providing remediation, restoration, and reconstruction services nationwide, as well as for the US large loss and commercial market. For more information, please visit http://www.firstonsite.ca/.