:
1.
Do the board members
and management know their core responsibilities for
recovery? They need to know prior
to a loss their roles and responsibilities in a loss
or they may try to take over and waste a lot of
precious time. Keep them involved and in all the
testing processes and reports.
2. Terminated
Employees - Do you eliminate internal access to all
computers? Some people, especially
the IT guru has access to many devices and the main
computer room, telephone rooms, wiring closets etc.
3. Joint
Ventures - Have you completed a BCP audit of their
process? Let’s assume you put 10
million dollars into product development and you
have the XXX company putting up 10 million dollars
in marketing. They have a disaster and you are
holding onto a 10 million dollar parts bag. At this
point you will wish you had audited their disaster
response plan.
4. BCP
Planner – Preauthorization to act in a disaster
response?Your planner, your teams and your
management group must be able to take action
immediately. Time is not on your side. If someone
makes a mistake, forgive them and go on. Strong
training programs will build the confidence you need
to assure proper authorizations to start the
recovery process.
5.
Have you
completed the pre-disaster tagging of critical
equipment and files? We had over a million
square feet of offices, files, computers, phones and
junk. Which piece of equipment do you want to save
first? What file do you want salvaged first? Where
do you want to start? Tagging the equipment prior
to the loss can save thousands of hours, pain and
mistakes. Green tags for important items, blue tags
for secondary choices and yellow for anything that
would be nice to have after all the other stuff is
saved and placed out of harms way. DANGER!
This will get out of date in time and must be part
of the update process.
6. Vital
Records – Conducted an inventory of all vital
records and provide duplication as needed?
Some records are far too important to
lose. Both electronic and paper records are
included. Incorporation documents, signatures and
agreements fall into this group. Some people nearing
retirement consider the pension files to be vital.
Your resume may be important after a disaster
especially if you are not prepared. The point is,
identify these files, determine duplication and keep
them at least five miles away from the main site.
7. Have
you developed a relationship with emergency
management authorities? I have
worked with these people in the states, Canada and
the Caribbean and they all have been very
enthusiastic about helping and participating in
tests. Most have a web site.
8.
Chemical spill
response procedures? Have you
documented how you and your community (fire and
police) will handle this issue and identified how
you will receive notice of the event? Do you have
sheltering in place procedures and a standard policy
for handling staff and guests? Special procedures
are indeed needed. This issue can lead to liability
questions. For example, do you let employees and
visitors leave even when you know toxic fumes are in
the air? What if they insist on leaving and they say
that you cannot hold them against their will? If
mass evacuations are required it may include the
guards. How will you secure your building from
damage and theft?
9. Severe
storm procedures – external issues? If
mass evacuations are required it may include the
guards. How will you secure your building from
damage and theft?
10.
Identified
all desktop configurations needed to support all
processes? Not every desktop is configured
the same. Some are very unique and have all kinds of
programs and various functions. Some people load
special unauthorized programs on the desktop and
this can be very troublesome for the recovery mainly
because they are poorly documented. If the desktop
configurations are issued, maintanded and stored
centrally and kept off-site you have a far better
chance for quick recovery.
11. Has
the risk of noncompliance to regulatory issues been
reviewed? I suggest that you have someone
investigate this prior to a loss. It could lead to
some nasty post disaster shuffling and fidgeting. It
could also result in fines and other legal issues.
12.
Have you developed, recorded, and prioritized all
external dependencies? If
they are a serious dependency, it may be beneficial
to see if they have a valid BCP. If not, what are
your alternatives for their services?
13.
Flooding -
Internal flooding shut down and checkout procedures?
I had one client that had frozen water pipes due to
a problem with the ventilation equipment. On a very
cold night these pipes froze, burst and the night
guards could not find the water shut off valve (it
was in the ceiling above the ceiling tiles). Someone
from facilities had to drive in from home, find the
charts and shut off the valve. Bingo! A disaster! A
2” pipe burst and was open for about 90 minutes
flooding several floors of office space.
14. Generators
– Tested regularly for extended 24 hour duration?Some
of these machines are getting old. Seals are
brittle, fuel is old and they have never operated
under stress. Test them once each year for at least
24 hours.
15.
Response Teams – Do you have documented
procedures for all teams? Roles,
responsibilities, guidelines for all teams, will be
mainly used as a teaching tool prior to a disaster.
During the disaster these teams will not or may not
even open the procedures. They will reference the
names, basic protocol, use it as a guide etc. but
never (rarely) will the steps fall into a one, two,
three sequence. In every disaster event we responded
to the procedures rarely used. Sequence, event
timing, personnel availability and a host of other
issues will change any written materials. With out
them however training is impossible, you will have
no assignment of duties and you will have chaos.
16.
UPS failure
sensors installed? Yes, it is possible
that the UPS system will malfunction. You will not
know if the system has failed and if it REALLY works
until it is initiated under stress. Then if it fails
you will have a lot of very unhappy people. Install
a sensor.
17.
Communication
– Procedures for employee communications?
Some idea’s include the internet; a special 800
number just for this kind of communication and you
record your information on the greeting; going to
the web provider and posting a message in front of
the usual screen; using a phone broadcast mail
system. Any of the systems have to be able to handle
a large volume of calls simultaneously so using cell
messages and small home message systems will not
work well.
18.
Command
Center equipment purchased and in at least two
separate locations? Keep equipment that
you purchase and store in at least two locations
prior to a loss. I guarantee that you will not have
the time or resources to quickly get this equipment
on a 24/7 basis. I recommend that team members keep
a mini kit with them at all times (a brief case size
kit, just to get started).
19.
Have you
prepared procedures for rerouting delivery of
equipment and supplies? UPS, US postal
service, Frank’s Delivery Service will still be
driving into your destroyed building area and will
be wondering where to take the delivery. Record all
these people in your BCP and when they arrive at the
site have some person or the security personnel
greet them and provide information on where to send
them. Use a warehouse, rent a portable storage
container, rent a semi trailer and set it in the
corner of your parking. Just have a place for this
stuff unless the carrier can take it back (many
cannot).
20.
Insurance
reporting procedures and contacts? Simple
enough! And yet I have a word of WARNING here! So
many people placed their hands in the good old
insurance company. You should consider these two
issues:
a) Take
this checklist and ask your insurance company to
assure you that they will be able to do all these
items in the time frame you, your members and board
will tolerate.
b)
In my limited experience one of the
leading industries in BCP development are the
insurance companies. That should tell you something!
Property insurance, income continuation insurance
and all the other possible policies will not be
enough.
The End: This is a
draft. Refer the the book for over 300 questions and
comments. Call Paul
Bergee for more information.
New Releases
From: Burgee Business Continuity Planning!
Click Here!
|