The purpose of an Incident Readiness Program is to enhance the ability to respond effectively to any business disruption and restore those assets (Business Processes, facilities, technology, suppliers and people) that are critical to the delivery of that organization’s Products & Services. The Planning Phase of the program enables the organization to identify the critical assets at risk, prioritize the resumption of business processes, map dependencies necessary for effective response & recovery, and develop actionable plans.
Testing and exercises should be designed to find the gaps in recovering those critical assets – both strategic and operational. The Incident Management component of the program establishes the organizational structures and tools for command, control and communication during a disruptive incident.
To facilitate true Incident Readiness, the BCM program should also focus on:
- Dependency Mapping: Cataloguing of organizational Assets (people, sites, processes, technology, suppliers…), their dependencies and impact parameters. The modeling of assets is a fundamental decision support mechanism to enable Incident Managers to identify the causality chain that is critical to carrying out an effective Incident Response.
- Actionable Plans: Plans need to be both concise and actionable – every task should identify the ‘team’ assigned and the time required to execute. Each Plan (which can be thought of as a ‘playbook’) should delineate the sequence of task execution and provide a structure that allows flexibility to change the ‘workflow’ dynamically as a situation evolves. Most importantly, the Plan’s objective should always be the restoration/resumption/recovery of critical assets – not broad scenarios.
- Dynamic Teams: Using a role-based planning approach, all responsibilities should be assigned to teams – not individuals. For effective Incident Response, team memberships have to be dynamic. Based on geographic impacts, time of the incident or other factors, team compositions may need to be reconfigured on the fly – based on resource availability.
- Communication: The linchpin of effective Incident Response. A solid communication plan should include mechanisms for responder collaboration, periodic communication updates to stakeholders (those concerned, but not directly involved), roll-calls, polling and recovery status updates. The communication protocols have to be defined, tested and periodically aligned with the organization hierarchy.
Perhaps the most important requirement of implementing an effective Incident Readiness program is a purpose-built system implemented on a relational database. Attempting to create a homegrown Incident Ready program with SharePoint & Office tools is bound to come up short – resulting in little more than ‘door-stopper’ 3-ring binders. The real key to effective Incident Readiness is the ability to dynamically change plan execution workflow and resource assignments based on real-time situational awareness. We create Response Plans in ‘ideal conditions’ but we need to incorporate flexibility to facilitate on-the-fly change as a disruptive situation demands. Is all that effort worth it?
Click here to read Part 3 to learn the 5 Advantages of an Incident Ready Program. See how you and your BCM Program can make that quantum leap toward an Incident Ready program.
