Question to the DL: I had a great emergency response with hand sanitizers and cleaning the office. Is that enough? What’s next.
Disaster Lady Answer: This is going to be a hard answer to give you, but you need to hear it. The beginning/last week was the easy part. That was what we call in the industry immediate disaster response. It can last anywhere up to a week and is generally focused on getting command and control of a situation and some quick response activities. Normally this enough to handle many disasters as long as it doesn’t last for more than a week. The hard part? That’s where we are entering now. It is what we call Long Term Recovery. This means that you will need to look at how to change your operations for the long haul (at this point 3 months). Here are the top questions you need to ask yourself:
– What are my critical processes/services that have to continue no matter what?
Answer: These are things like direct services to clients that have to continue or things will get intolerable, payroll for employees, etc. There are some processes that can be put off. Sorry, Uncle Sam – Tax management is not a critical service to keep the lights on unless you are a tax planning business. You can pay the government a late fee if needed. Right now, you need to focus on getting money in the door.
– What are my critical systems? Can they be accessed offsite?
Answer: Many folks now have services in the cloud which is great, but some don’t. You need to ask yourself if it is secure or safe for them to work from home. For example, if you have a business that deals with highly sensitive data that is heavily regulated, then you may not want them accessing it or managing it from home. This is especially true if they can download that sensitive data onto a device that isn’t owned or managed by your company. If people are working from home, make sure they are working on a device owned by your company and that they commit to keep the data on that device. If you have to move to the cloud, make sure that they have a security program and just do not rely on their service provider (i.e. Amazon AWS or Microsoft Azure’s security) because that is only half of the technical controls you need to be secure. More on that topic later because I could literally write a book on that one.
– Who are my critical vendors and what happens if they aren’t available?
Answer: In all my years of disaster response, the one thing I can count on is vendor failure at the worse times. It happens in a number of ways such as they have larger/high-priority clients that they will take care of first and get to you when they can or they fail to meet their service agreement times, or (my favorite – not) is when the jack up the prices because your once regular service is now considered a “premium service” because other businesses are affected. If you haven’t already, try to find other vendors in case your primary ones are not available. The good news is that many suppliers and vendors are just as worried as you are and are trying to attract new business during turbulent times. Use this as an opportunity to build redundancy in your operations and negotiate better terms than even your primary vendor can give you.