One of the biggest aspects of your physical security plan and the prevention of workplace violence (WPV) is creating a Disaster Recovery Plan (DRP). It is a crucial element: you have to plan for disaster before you can recover from it, and you need a plan in place to stay in business and avoid many calamitous lawsuits and public relations nightmares.
There are innumerable books, guidelines, and consultants that will show you how to write a comprehensive plan to survive any crisis. Most are verbose, offer little useful information, and are, quite frankly, filled with gobbledygook. I will try to be as concise and succinct as possible in guiding you through this process. Hopefully these posts will give you a head start on developing and implementing your plan.
There are as many good ideas and processes for writing and implementing a DRP as there are bad ones. Unfortunately, many of them have conflicting points of view on writing and implementing it, which is not necessarily a bad thing. But with every plan, guideline, or book you read on the subject, you need to tweak it for your own use. No company is the same as any other; each company has its own nuances.
No plan is perfect; therefore a cookie-cutter approach doesn't work for anything, especially a DRP. As with any new security plan, process, invention, or sport, sometimes your approach needs to be tweaked to make it efficient for each member of your team and their talents.
I have helped several companies in the past write, develop, and implement DRPs. All have used my unconventional and unique approach of doing things. But again, each facility was different and every plan was written specifically for the client. All of my ideas and processes had to be tweaked for each client, so put your own spin on the plan.
The hardest and most complicated aspects of the development process are these:
- Who will be involved and from what level of the company? (They should come from many different levels, from front-line employees up to and including the C-suite.)
- How many crises will you attempt to cover and which need the most immediate attention?
- What resources will be needed to complete the plan? (Time, financial, meeting space, etc.)
- Who will be responsible for ensuring the process stays on track and is completed? (Who is in charge?)
- What is the timeline for completion, from development through writing and implementation? (You should leave at least 6 to 12 months.)
Every disaster that your company may encounter needs to have a part in the plan and its own section with appropriate actions attached to it. You can certainly adapt sections from other areas, but ensure that there is no confusion within the plan as to what actions are for what.
So what kind of disasters should a DRP cover? Here is a very short list; I'm sure you can think of many more within your facility:
- Workplace violence including hoaxes, threats, and so on
- Flooding or water pipe breakage
- Hazardous chemical spills
- Bacterial contamination of a food processor, e.g., Listeria or E. coli
- Computer hacking/intrusion, internal or external, and recovery from it
- Large scale vandalism
- Civil unrest/rioting which would include looting
These are only a few of the innumerable disasters that could hit your company. And if you wanted you could even count war as one to plan for! Each of these will have certain things in common within the plan, but it is just as important to have a separate section for each kind of event. And if the probability of the event is extremely remote, like war in the United States, then don’t dwell on it too long, just develop an outline.
One of the main concerns that you have to think about is the simplicity of the plan. While it may be of great interest to your legal department to have all the detail in the world, it really isn't necessary. As with your policies and procedures, it needs to be simple and easily read and understood. That means keeping it concise, succinct, and readable at a 6th grade level (depending on the educational level of your employees).
This is especially true for the parts that will receive general distribution throughout the company. Your employees who have been designated for certain responsibilities only need to have the relevant sections of the plan. And while they need to know how important and integral their part is overall, they don't need to be burdened by the entire thing. You can always keep a full and complete DRP in your main office for perusal by anyone at their convenience, but it doesn't need to have widespread distribution.
On the other hand, C-suite management needs to have a full and complete copy of the DRP. And they need to understand it and how to implement it as well, no matter the cost in time and energy to the C-suite. The expenditure in those areas will pay dividends later if a disaster befalls the company.
First of all, I would develop 3 groups of people in your plan. Each group will be responsible for a separate unit of action after the disaster strikes. Each of these groups will have responsibilities within your DRP, and they must be allowed to carry them out. As I have said in other posts and reiterate here, fiefdoms must be put aside and everyone must work together for the benefit of the employees and company.
(This is the first in a series on developing and implementing your DRP)
Facebook.com/oneistoomany or Twitter: @robertsollars2
I May be Blind but my Vision is Crystal Clear