This week I read the suggestion that compliance work isn’t sexy. Well, I thought, that’s a bit harsh. Sexy is in the mind surely? And, I can pretty much guarantee, you have no idea what goes on in my mind when I’m working on compliance issues.
Take this week for instance, after returning from a week’s skiing (yes, I hear sharp intakes of breath…risky huh) I’m updating the business Disaster Recovery Plan, an annual treat for me that is inspired by Hollywood blockbusters such as The Towering Inferno, Die Hard or (in my worst moments considering the impact of proposed changes to the law) 28 Days Later. There are uninterrupted moments indulging my “what if” notions with appropriate Hollywood casting.
Of course “disaster” can have many different meanings and outcomes but the concept of thinking about how you would respond even to a low level “disaster” such as loss of power and communications might have a place on the COLP and COFA’s ‘to do’ list as part of the overall management of the business. It’s also a document that is more often sought as part of business development plans.
There is nothing like a calamity, or the thought of a calamity, to bring out my inner Girl Scout although reigning in my tendency for catastrophic thinking can make the paper exercise tricky. Composing a plan doesn’t have to be onerous and it shouldn’t attempt to cover every eventuality. In my view, for a SME, it’s all about top-level concepts. The detail is managed in response to the exact nature of the incident by those charged with responsibility.
I try to work by 3 simple rules:
- DO NOT USE CAPITALS OR TYPE IN RED to make a point. It’s not necessary and scares small children and business owners. If you say the word “disaster” too many times particularly when it’s coupled with a look of horror it loses its impact and often leads me to getting looks similar to those given by my teachers (“Barbara has an active imagination”). Disaster planning can be viewed as an unnecessary expenditure of time and effort after all if your premises are not in a high rise, located at the foot of a man-made reservoir or next to a large petroleum station what are the chances? However, I’m sure that lesser known Hollywood film-makers have considered including local-scale disasters such as electricity supplies being cut off by errant road workers, telephone and internet line failures and those unlucky instances where somebody sets fire to the toaster that shouldn’t even be on the premises. So, probably best to err away from those 5* blockbusters and concentrate on the mundane realities.
- My second rule is that the DRP should not introduce or cover a new concept or way of working. The document is there to record a response to risks that we recognise and the top-level plans proposed for covering key steps that need to be taken post disaster; obvious issues such as communications with staff, identification of alternative or temporary premises, recovery of data, restoration of communication channels and the allocation of top-level responsibilities within the Disaster Recovery Team (no capes required). It all links together with other compliance work I’ve done such as Data Protection. COLP and COFA’s might be thinking about accessing insurance information, restoration of paper files, off-site access to accounting and case management products and letting clients know what is going on.
- Finally it is very simply about the team. Every single person I have in the Disaster Recovery Team is somebody who I recognise is able to get the job done. They are confident decision makers who will shoulder responsibility and are good leaders.
So I’ve signed off this year’s revision and hopefully it will be a document that remains untouched for 12 months although I can pretty much guarantee that from time to time we’ll be using the principles to deal with minor blips because the concept of disaster planning is all about business continuity and we practice that every day.