Disaster Recovery Planning Step 3 – Declaring A Disaster

Introduction

When catastrophe strikes, someone in authority must officially declare an emergency and invoke the Disaster Recovery Plan (DRP). Without this critical function, a company may unnecessarily operate in “disaster mode” or worse, start recovery operations too late.

Internal communication is critical

As a disaster unfolds, confusion reigns. Employees without proper managerial direction will simply do what is most familiar to them which may not be what is needed at the time. It is management’s responsibility to direct the troops toward the goal of full recovery and continuity. Communication is key.

Recovery will go much smoother and be more successful when employees know what is expected of them. A Disaster Recovery Plan must be written, tested, revised as necessary, and disseminated to all employees, who should be involved in periodic tests to make sure they understand their roles in a disaster. An uncommunicated and untested plan is virtually useless.

Specifically Identify Who Can Declare An Emergency

Your disaster plan should outline who, in the company, has the authority to declare an emergency and invoke the Disaster Recovery Plan. Once done, management and employees then have the authority and direction to start the recovery process—mitigating the damage (physical or digital), if necessary, working from alternate locations, setting the IT Business Continuity plan in motion, getting all critical business processes set up and running, etc.

What if he or she is not available?

Disasters have a nasty habit of coming upon you unexpectedly, so a backup plan is needed.

A business, even a small one, cannot solely rely on one person. Provisions must be made for a “second in command” to make the necessary decisions if the primary person is not available when disaster strikes. If your company has the staffing depth, a third or fourth person should be given authority to invoke the Disaster Plan if the others are not available. Again, it all needs to be written down—here’s how:

  • Create a chart with the following headings: Number, Name, Title, and Authorization.
  • List the names, with their titles, of those with the authority to declare emergencies.
  • Under the “Authorization” column, state in specific terms, under what conditions the individual has the authority to declare an emergency (i.e. If #1 is not available, If #1 and #2 are not available, etc.)

You have now created a matrix, outlining the people, their titles and under what circumstances they can officially declare a companywide emergency. Since it is part of your Disaster Recovery Plan document and it has been communicated throughout the company, everyone knows “who’s in charge” when the time comes. Awesome!

We’re not done yet—read on.

When can employees assume emergency conditions?

What if all of the above authority figures are not available when a disaster strikes? What does the manger-in-charge at the time do? Granted, this may not be a common occurrence, but it can happen.

An effective plan must outline when and under what circumstances lower management and/or employees can declare an emergency, so no time is lost in the recovery process until the designated authority figures arrive on the scene.

Can lower management and staff make the wrong decision? Yes, but this would be greatly reduced with proper training—and that again is management’s responsibility.

Conclusion

A Disaster Recovery Plan takes great thought and is very involved. As managers, we have to think of all scenarios that may delay or even derail recovery and take steps to reduce that likelihood. Remember to always have a backup plan for your backup plan!

Related posts:

Now Available: A Simple Disaster Recovery Plan Template

Disaster Recovery Planning Step 1 – The Threat Matrix

Disaster Recovery Planning Step 2 – Critical Processes

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 460+ Petabytes of data with over 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause. Backup & Disaster Recovery | Business Continuity | Data Risk Assessment