Best Practices for Disaster Communication Plan
Recovery is not only about getting back in operation - it is also about seeing that everyone is kept in loop
In the wake of an emergency, it is imperative for companies to maintain clear and effective channels of communication in order to quickly assess damages and coordinate recovery efforts. Because essential business operations can be affected by any stage of interruption, companies have in placed an incident communication plan to deliver essential communication to employees and first responders.
Best practices for an incident communication plan include:
- Understand the operational environment. Consider solutions that allow two-way communication over a variety of channels, including land line, fax, mobile, short message service (SMS), Blackberry PIN-to-PIN, email, and more. These features become very useful in the delivery of important and urgent information when communication infrastructure is compromised.
- Contact information should be up-to-date. Business continuity managers should regularly check their recipient lists to ensure that all contact information is up-to-date so when a disaster occurs, employers are confident that notifications are being delivered to the right person on the correct device.
- Security and protection of sensitive information should not be forgotten. If the contact information is breached by individuals that are not authorized there are significant regulatory and sensitive information compliance issues that are impacted.
- Escalation plans should be in place. Crisis situations demand that the proper people are contacted about a situation that needs immediate attention. Best practices notification systems include integrated mechanisms that support a call escalation process. If the first person contacted is not the correct individual for the situation, the notification system automatically contacts the next appropriate person according to pre-determined processes.
- Train personnel and test the process. When creating business continuity and disaster recovery plans, it is essential to properly train personnel on how to use notification systems so they are able to monitor the entire alert process. Studies show that companies who educate their employees correctly achieve significantly greater response rates. Also, be sure to test alert process during normal business hours and address any glitches to be certain notification deliveries are successful when needed. Once that test is completed then test the process outside of normal business hours.
- Incentivize all employees to sign-up for notifications. When a notification system is installed, it is critical that all user contact information is saved within the system's database so that staff can be alerted immediately during an urgent situation. This ensures the reliable and speedy delivery of important messages at the right time, to the right person, on the right device.
The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.
We have just completed a major update of most of the individual polices and almost all of the electronic forms.
- CIO IT Infrastructure Policy Bundle (All of the policies below are included as individual MS Word files and a single PDF file. Electronic forms are all individual documents that are easily modifiable)
- Backup and Backup Retention Policy
- Blog and Personal Web Site Policy (Includes electronic Blog Compliance Agreement Form)
- BYOD Policy Template (Includes electronic BYOD Access and Use Agreement Form)
- Google Glass Policy (Includes Google Glass Access and Use Agreement Form)
- Incident Communication Plan Policy (Updated to include pandemic considerations and social networks as a communication path)
- Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy(Includes 5 electronic forms to aid in the quick deployment of this policy)
- Mobile Device Access and Use Policy
- Patch Management Policy
- Outsourcing and Cloud Based File Sharing Policy
- Physical and Virtual Server Security Policy
- Privacy Compliance Policy - California Privacy Act
- Record Classification, Management, Retention, and Destruction Policy
- Safety Program (Includes mandated OSHA electronic forms)
- Sensitive Information Policy (CCPA, GDPR & HIPAA Compliant and includes electronic Sensitive Information Policy Compliance Agreement Form)
- Service Level Agreement (SLA) Policy Template with KPI Metrics
- Social Networking Policy (includes electronic form)
- Technology Acquisition Policy
- Telecommuting Policy (includes 8 electronic forms to effectively manage work at home staff)
- Text Messaging Sensitive and Confidential Information (includes electronic form)
- Travel, Electronic Meeting, and Off-Site Meeting Policy
- Wearable Device Policy
- IT Infrastructure Electronic Forms