In preparedness and emergency management, the concept of risk and hazard identification is fundamental. However, the potential inability to access important documents, particularly during an emergency scenario, is often overlooked. If you experienced a catastrophic loss and could not access response plan documents, would you be able to conduct an effective response?
Companies must mitigate the risk that an incident may incapacitate access to response plans. In order to manage risks and build resilience, Traditional risk-management tools must be incorporated with new technology-based concepts. With more people owning multiple computing devices such as laptops, tablets and smart phones, the idea of data being restricted to a single desktop computer or binder without adequate redundancies is antiquated. Cloud and web-based technology offer enterprise-wide, up-to-date redundancies that traditional record keeping methods cannot provide.
Response Team and Stakehold Accessibilty
To counteract potential incidents, fallout vulnerabilities, and regulatory noncompliance, response plans should be securely shared with and accessible to regulators, auditors, inspectors, and responders. Having up-to-date information readily available to trained responders has been proven to limit the duration of the emergency. The faster responders can locate, assess, access, and mitigate the emergency, the sooner an incident can be contained. However, in order to minimize additional vulnerabilities, applicable data and confidential information must be secured.
A recent survey conducted by IT industry association CompTIA, found that more than 90% of companies use or have transitioned to some form of cloud technology in order to increase flexibility and reduce costs. However, the report revealed that only 48% of those surveyed utilize cloud-based methodology for business continuity/disaster recovery processes. When authorized users can access response plans information from any location, response expertise can be maximized and maintenance efforts can be shared.
In the event of an emergency, up-to-date paper plans may not be available from other locations. Although some companies post electronic plans to their intranet that can be accessed remotely, the process of updating these plans is time-consuming and inefficient. In addition, if a catastrophic event occurs, there is the possibility that the main data source or server will be inaccessible.
When an incident is isolated to a particular location, cloud or web-based response plans can enable response measures on a company-wide scale. Cloud or web-based plans can also provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users.
Cyber-Security and Response Plan Redundancy
But with any data system cyber-security and back up efforts are essential. In the event Internet connectivity is terminated or inaccessible, emergency managers must have alternative means to access plans. Redundant data centers, scheduled download, and security measures must be a part of any web or cloud based emergency management program
When first responders can exercise approved response processes and procedures, responses can become second nature. Plan accessibility allows appointed responders to clarify critical contact information and responses to altered site circumstances, operations, or materials. Inaccessible response plan can facilitate confusion, inconsistency, and potentially accelerate impacts and financial loss.
As technology dependencies become more ingrained in company operations and emergency management programs, it is essential to institute company-wide best practices for computer security, downloads, and backups in order to secure necessary technologies and communications networks.
Cyber exercises allow stakeholders to simulate real-world situations, to improve communications and coordination, and to increase the effectiveness of broad-based critical infrastructure protection capabilities without the consequences of real cyber event. These specific exercises educate employees on technological policies and provide a means to evaluate cyber incident preparedness, mitigation, response, and recovery capabilities.