March 17, 2020
The Best Tools for Disaster Preparation
by Rob McIsaac
A good motto for disaster preparation: “Prepare for the worst; hope for the best.” Just remember that hope is not a plan on its own.
If the COVID-19 pandemic has taught the world anything, it’s that each event is different from the last. It’s not enough to have an abstract plan in place when disaster strikes. The most effective disaster recovery and business continuity (DR/BC) plans are those that organizations practice routinely. Insurers and companies across all industries should be prepared to stay online during a range of natural and man-made disasters, from earthquakes to pandemics and cyber-attacks.
Modern consumers have come to expect 24/7 accessibility from their service providers. A weak infrastructure that can’t reroute traffic or a third-party partner’s lapsed platform causing an entire system to go down are not just inconveniences—they’re threats to customer relationships. DR/BC plans should take such liabilities into account and be tested end-to-end.
Most insurers created DR/BC plans with hurricanes, winter storms or other natural disasters in mind—not terrorist attacks or pandemics. Organizations should consider these plans as living documents for precisely this reason. The impact of contagious illnesses (e.g., COVID-19) on company staff and leadership may not be present in existing plans. If so, organizations may need to put social distancing into effect, especially in key departments with high concentrations of knowledge or ability.
Preparation Is the Best Prevention
Even the best-informed DR/BC plan is unlikely to cover every scenario. Preparing the entire organization for emergencies, however, drills in responses to create a form of muscle memory that makes employees ready to respond when new threats emerge. Pressure testing or refining a system is better done when an organization is running at full capacity rather than after a disaster has emerged.
See also: Coronavirus: What Should Insurers Do?
Plans may attempt to cover a broad range of known issues and look to incorporate reasonable fail-safe provisions to address contingencies if partner systems go down, but they should still follow two rules.
1. Documentation should be easily—and immediately—accessible.
Even if plans establish clear lines of communication, explain how to access critical systems and lay out how to frame decision protocols, they do no good if employees can’t access them when the time comes.
Organizations should store DR/BC plans somewhere that is easy to locate, and there should be multiple instances of the plans. If an entire grid is down, for example, SharePoint is not a convenient place to house emergency instructions. Insurers should also encourage their employees to take information home with them. Corporate networks should not be the only storage space for emergency documentation—and demonstrating knowledge of DR/BC plan access points should be covered as part of employees’ test exercises.
Employees are only able to act in a crisis if they have the hardware they need. Laptops or tablets should be available to take home; bringing these devices with employees should be part of regular training exercises. Equipment is not useful during a test or a “live fire” event if it stays at the office overnight.
2. Plans should be created early and practiced often.
The greatest key to a successful DR/BC plan is preparing long before precipitating events are on the horizon, when the organization can consider all scenarios. Employees will know what to expect and how to behave when disaster drills are routine (like fire drills), no matter if the employees are part of IT or serve as a member of a business unit.
The events that teams practice for are seldom the ones that happen in real life, but preparing for a wide array of scenarios can help management and associates to stay calm and focus on understanding what is new or unusual about the emerging situation. When rational responses to crises become second nature, individuals and organizations can survive a wide array of incidents with lower stress and less negative impact on the people who depend on them most—their customers.
If possible, employees should undergo regular online training in these emergency protocols with certification available. That way, newer employees or those less familiar with DR/BC plans and procedures can receive updated experience until the whole team is on the same page about where and how to access the information they need during an emergency.
See also: How Coronavirus Is Cutting Connections
No insurer can prepare for every possible emergency, especially when the future is uncertain, as it is with COVID-19. But maintaining a well-thought-out DR/BC plan that exists as a living document can help any organization keep a cool head when people need to make big decisions quickly. Creating a plan early and making sure employees know how to access it are foundational to keeping the lights on (and customers satisfied) when disasters and other unexpected events occur. My motto as a CIO in insurance and banking was, “Prepare for the worst; hope for the best,” while remembering that hope is not a plan on its own.