If there is one area of disaster recovery planning you’re sure to spend a lot of time on, it’s the response component. How you respond in the aftermath of a crisis will have long-term implications for your organization. That response may very well determine whether you’re able to quickly rebound, or end up on the wrong side of statistical data. According to FEMA, roughly four out of ten companies never reopen after disaster strikes. And those who lost their IT resources for nine days or longer were at greater risk of going bankrupt within a year.
While every crisis is unique, there are some critical steps every organization should follow when responding to disaster.
1. Analyze the Incident
Your very first responsibility after a disaster is to gather as many facts about the incident as possible. Keep in mind, however, that the type of crisis will dictate how to proceed with your investigative efforts. For example, if you’re responding to a natural disaster, you can check in with sites like Relief Web, which actively monitors ongoing disasters around the world, for updates. Whether it’s a storm that affected an entire region, or a cyber security attack that compromised your internal network, incident analysis is necessary to make informed decisions and coordinate an effective response plan.
2. Gather Evidence
Failing to preserve evidence is a surefire way to sabotage your own response plan. The slightest alteration can stall your recovery efforts and leave you just as vulnerable when you finally are back up and running. Evidence, both physical and digital, is essential to your ability to conduct a thorough investigation and follow up accordingly. Depending on the nature of the incident, it may also factor into the litigation process. Needless to say, your response team must be diligent in making sure they obtain and retain all evidence relevant to the incident.
3. Go into Crisis Management Mode
Crisis management is the meat and potatoes of your response plan. This is where you put the plan in motion and start working towards a resolution. Keep in mind that the disaster in question will ultimately determine the best course of action. If your data center is vandalized, personnel may be instructed to sequester all affected areas to preserve the scene as authorities investigate. On the other hand, if confidential data is involved, regulations might trigger the urgent need to notify customers and authorities of the incident. How you need to respond will vary from one crisis to the next.
4. Communicate Efficiently
How well you communicate during a crisis will figure into how fast you can resume business operations. Members of your DR response team, management, partners, and all other affected parties should be immediately identified and given all the necessary details on the incident. Informing customers that their personal data may have been compromised isn’t something you look forward to, but it must be done. A timely crisis communication strategy will help ensure that you meet compliance notification requirements and handle damage control by getting out in front of the matter.
5. Evaluate the Process
An exhaustive evaluation of the process is necessary to improve your response plan over time. After all, you never know when you’ll need to execute it again. The evaluation should aim to answer a number of important questions, such as:
- Were you able to minimize your risk to similar disaster scenarios?
- Did your response align with your recovery objectives?
- How did your staff perform during the crisis?
- Did staff receive adequate support and resources from management?
- What specific aspects of your response plan can be improved in the future?
Answering these questions and others will enable your team, policies, and processes to make a greater impact during an emergency.
Plan Before You Respond
Like your disaster recovery plan as a whole, a response plan must be mapped out well in advance. Your communication program should be structured so the response team knows the most effective way to communicate and whom to contact. There should be protocol in place that outlines evidence collection procedures and responsibilities. Above all, your team needs a clear understanding of how they are expected to respond in any possible crisis situation. From executing internal recovery processes to communicating with third parties, each step must be detailed and documented as a literal course of action.