From the 1SecureAudit Operational Risk eLetter - September 8, 2003
Here are ten steps to Practice Continuous Continuity (C2) to Secure your Enterprise:
1. Develop and practice a contingency plan that includes a succession plan for your executive team.
2. Train backup employees to perform emergency tasks. The employees you count on to lead in an emergency won't always be available.
3. Consider creating offsite crisis meeting places for top executives and operational teams.
4. Make sure employees—as well as executives—are involved in the exercises so that they get practice in responding to an emergency and following orders in potential chaos.
5. Make exercises realistic enough to tap into employees' emotions so that you can see how they'll react when the situation gets stressful.
6. Practice crisis communication with employees, customers and the outside world.
7. Invest in an alternate means of communication in case the phone networks go down, including wireless devices.
8. Form partnerships with local emergency response groups—firefighters, police and EMTs—to establish a good working relationship. Let them become familiar with your company and site.
9. Evaluate your company's performance during each test, and make changes to ensure constant improvement. Continuity plans should reveal weaknesses.
10. Regularly test your continuity plan to reveal and accommodate changes. technology, personnel and facilities are in a constant state of change at any company.