Suppose your business suffers a temporary disruption. (The cause of the disruption doesn’t matter; neither, necessarily, does the length of the disruption.) A disruption that impacts customers, prospects or finances (and almost every disruption – even for a few minutes – will), may trigger compliance obligations. You may need to file an insurance claim. Or you may need to provide government or industry regulators with the details of how your organization dealt with the disruption.
Do your Business Continuity and Incident Management plans lay out the needs and requirements for documenting actions taken during disaster or other disruption?
Any business disruption will generate a flurry of activity. Will you be able to recall all of those actions once order has been restored? Or will you have to spend countless hours reconstructing what happened, who did what and how long each action took. It is unlikely you’ll be able to capture every action by every participant. And the longer the disruption lasts, the longer that list of action will be.
Obtaining a complete and accurate accounting of your organization’s actions in response to a disruption may be critical to satisfying regulatory and insurance requirements.
So doesn’t it make sense to build documentation into your Business Continuity and Incident Management processes?
If your organization uses the Incident Command System (ICS), there is a whole catalogue of ICS forms that can be used to document actions during an Incident. Even if you don’t follow ICS procedures you might consider including MSWord versions of appropriate forms for recordkeeping within your BC and IM plans.
Do the regulatory agencies which oversee your industry publish guidelines or requirements for Incident documentation? Have you asked your insurers what they would require should you need to file a claim?
Your Business Continuity Management program should include more than just plans to take action; they should also include a method of recording those actions. Automating or mechanizing the documentation process may be the best solution. (That is one of many reasons to consider eBRP Suite to automate your entire BCM lifecycle). Or you can include recordkeeping requirements and appropriate forms within your plans.
When your business suffers a disruption – and it eventually will – viable Business Continuity plans and Incident Management procedures will help assure your effective recovery. Just remember to include event documentation in your BCM and IM procedures – so you won’t create a second ‘incident’ when you need to scramble to document your actions for regulators and insurers after the fact.
