First the process – Then the plan!
Your Business Contingency Plan shall support you Crisis Management Process – so let’s have a look at the process first. Afterwards, we will see how we can build a plan supporting the process!
Contingency Process – the basics
A generic contingency process is usually divided into three distinct steps as of below:
- Prepare – what we do before an incident (e.g. planning, training, exercises, revision etc.)
- Response – what we do during an incident (e.g. mobilizing, handling, informing etc.)
- Post Activities – what we do after an incident (e.g. debrief, analysis, reporting, review etc.)
From above we see that the size of the Incident Domain area is a vital element. This is due to the simple fact that this area corresponds directly to the sum of all your losses – such as loss of life, material, financial, reputational, stock value etc. In other words; the longer the incident lasts and / or the higher the Incident’s potential becomes – the more expensive this Incidentwill be for you!
So, the overall objective of your contingency process is to minimize the Incident Domain area and as such minimize your consequence of the incident in terms of direct and indirect losses.
From the above picture we can see that the available means of reducing the Incident Domain space boils down to only two parameters:
- shorten the Incident’s duration
- reducing the Incident’s potential
Now, let’s have a look at the various phases of the contingency process.
The Prepare phase is the “planning, training and exercise” phase and is all about preparing you and your organization for critical incidents that may happened and affect your organization.
A central purpose of this phase is to establish, train and maintain your Emergency Response Organization (ERO) and equip them with needed tools such as strategies, scenarios, tasks, checklists, templates etc. – to be used in case of an incident. In other words build a crisis management process that is linked to your crisis management activities.
The Response phase comprises of two sequential steps:
- Escalation – the kick-start of you ERO according to occurred incident
- Action – the actual handling of the incident according to planned and prepared strategies and activities
An effective response phase is recognized via a rapid and unambiguous escalation (to the correct individuals) as well as an effective handling of the incident as such.
The initial handling should preferably be based on the pre-defined tasks and checklists defined in the Prepared phase.
Post Activities phase
The Post Activity phase shall cater for all and any post activities that has occurred as a consequence of the incident and has as its outmost goal to secure a smooth transition to normal operation and reduce any long-term effects of the incident.
The Minimal Incident Domain
Under the assumption that an Incident has occurred, the below figure illustrates a minimal Incident Domain.
InCaseIT Incident domain
Best practices indicated that a efficient Crisis Management Process is implemented via:
- Rapid Escalation phase as point of Escalation is in time located very close to the actual occurrence of the Incident
- Typically, a fast and correct escalation will lead to a lower impact
- Efficient Action phase as all members of the Emergency Response Organization are (very) familiar with their respective initial tasks and objectives – performed under a shared strategy.
- Typically, a correct initial handling gives a shorter duration of the Incident
However, to achieve the above it is instrumental that the Prepare phase has been conducted properly covering both planning, training and exercises.
If you are interested in learning how to design your plan, click here for free presentation.