“Some people don’t like change, but you need to embrace change if the alternative is a disaster.” The words of billionaire philanthropist, Elon Musk, may have originally been used to describe environmental policy, but the parallels to incident and crisis management are both viable and numerous. Ensuring your contingency plan is up-to-date may involve significant amendments, but if the alternative is a failure to minimise the fallout after a disaster, then you’re left with little choice.
Below we provide a list of five of the most important reasons to keep your contingency plan updated.
1. Employee Safety
The number one concern for all organisations is the welfare and safety of its employees. It’s not enough that one person knows what to do in a crisis. The purpose of a contingency plan is to give everyone a common understanding of what needs to be done and how to do it. This ensures that, in the event of a disaster, the chance of injury, or worse, is reduced.
Only by regularly updating a contingency plan – ensuring that changes to personnel, workspace layout, and risk rating are all current – can the safety of employees be maximised. In reality, no contingency plan can offer absolute protection for employees, but by ensuring everyone who has a role in handling the crisis knows their responsibilities, tasks, and the authority they operate under, it's possible to minimise the risk.
2. Legal Compliance
A multitude of laws and regulations specify or imply requirements for business continuity and disaster recovery planning. These requirements vary among industry sectors, affecting the development, focus and execution of business continuity plans, but a common theme among them all is the necessity to keep information up-to-date.
If contingency procedures are not maintained then not only is there a grave risk of failing to provide adequate safety for employees, but companies remain accountable for systems and processes and can face penalties for lack of adherence. The bottom line is that laws and regulations, as well as shareholders, expect organisations to exercise due care to ensure that necessary data is available, and a failure to do so can result in costly and even fatal sanctions.
3. Response Time
It’s impossible for a business to safeguard itself against all potential incidents. Disasters can occur at any time, often without warning, and when they do the fallout can be catastrophic. No one is immune, and the threats can come from anywhere. However, regardless of the cause, when disaster strikes, the time it takes to respond can be the difference between recovery and ruin.
By ensuring that all internal and external communication details within the contingency plan are updated and accurate, companies can minimise the time it takes to respond to a crisis, reducing the overall impact of the disaster. What’s more, the speed and efficiency at which your business handles a crisis can directly affect the damage done to people, property and the environment, as well as limiting the reputational damage that often results.
4. System Security
The aim of contingency planning is to map out the risks that are threatening your business. While this incorporates incidents relating to fire, flood, hurricane, earthquake, and terrorism, a more recent addition to the list is cyber crime. In the modern era, the impact of hacking is huge, and cyber deviants are routinely creating new and more sophisticated ways to corrupt systems and steal information.
For companies, this can result in loss of reputation, loss of competitive ability, loss of contracts and, ultimately, bankruptcy. To avoid these eventualities, system security is paramount, and by ensuring that contingency plans are updated to reflect the current best practices for responding to a cyber attack, organisations can better protect themselves when the time comes.
Many organisations are fighting a losing battle to improve security and contingency planning. Like other preventative measures, it often takes a back seat in terms of priority – especially when the C-Suite is made aware of the size of the task and quickly shifts the responsibility down the corporate ladder. Even in those situations when a robust contingency plan is in place, the apathetic culture towards disaster and crisis management can quickly seep into other key areas – particularly in regards to testing.
Nobody likes simulating disaster scenarios, but doing so is worthwhile. Not only does it allow you to determine whether the plan ultimately works, but it also provides employees with insight into their roles during a response situation and gives you a chance to see how the prescribed policies might work in practice in the event. As your contingency plan is updated, best practice dictates that testing should be performed to ensure that the steps are digestible and necessary. This not only helps to circumvent the passive attitude from management but also helps to cement employee understanding.
Contingency and Crisis Management
A contingency and crisis management plan is not a static document but one that must be updated as developments and changed circumstances dictate. Failure to keep your plan updated can result in slowed disaster response, vulnerable security systems, and the welfare of employees being jeopardised, as well as a lack of legal compliance.
In summary, the value of an up-to-date contingency and crisis management plan cannot be understated, but often, organisations find it difficult to know where to start. If this type of organisation sounds like yours, and you’d like to learn more about what your contingency plan should include, then download our free e-guide containing best practices for approaching structure and content.