When is the last time you looked over your resiliency plans?
Do your plans reflect your current operations? Do they take into account your most recent retrofit or staffing change? Are your recovery objectives current? Have you had a few incidents you responded to, but the After Actions haven’t been reconciled against your plans?
If your answer is “I don’t know” or “no,” then you’ve got some work to do. While the majority of content in your plan is likely still mostly accurate and in line with your business needs, most likely there are some important changes and updates that need to be documented.
Your plans are meant to be used and trained to frequently. If not, then why invest all of the time and money to create them in the first place? We’ve got some tips and questions below to help you keep your plans and resiliency documentation current and useful.
How do you know you need an update?
1. You’ve made some changes to your operations or your facility. If your existing plans document any of your critical systems (like alarms, fire response, access controls, leak detection, storm monitoring) and you’ve updated them, then you need to make sure your plans are in alignment with your systems. For example, many plans written for oxygen suppressing fire systems in data halls need to be updated if you’ve replaced those systems. Especially critical is if you’ve added machinery, rooms, or spaces that are not documented on your as builts. If the information is there but is hard to find, then a re-structure of the documents might be in order.
2. Technology or system updates have made your RTOs outdated. Changes in tiers, apps, services, or critical machinery or systems means your Recovery Time Objectives for a business disruption will need to be revisited. The speed of change for technology and innovation means keeping your plans current. Especially critical if you’ve changed your redundancy or your hot site capabilities.
3. Your policies and procedures are outdated. Do you have a new policy in response to business changes that needs a standard response procedure? Things like changes in workplace violence response, weather impact mitigation, security access policies, and a policy shift to a more overall resilient viewpoint can create the need for new procedures. Do you need to add an addendum to comply with new or updated health and safety laws? Does one of your sites have a best practice that you’d like to implement system-wide?
4. Your plans haven’t been updated in a few years. If it’s been more than three years since your materials have been updated, it’s time to re-visit them. There are so many changes in technology, equipment, and the way people consume information. Make sure your users are able to easily access the documents they need before an incident happens.
What should you do now?
1. Review the Table of Contents of your plans. Are there topics you no longer need or are missing? If your TOC is really long, consider breaking up your plans into easier-to-consume, smaller playbooks.
2. Ask for feedback. Talk to your response team and employees to find out what documentation is useful and what’s not. What can be improved? What is the ideal way for users to access the information?
3. Make sure your company culture, vision, and mission are clearly incorporated into your plans. Many response actions are driven by company priorities around people, business, and financial impact.
If you need help making updates or want an easier-to-use plan format, let us help.