In my opinion, risk mitigation and preparedness operations should be on the list of top priorities for company executives and agency heads. However, activities dedicated to response and recovery can fill the gaps an organization might have missed in preparing for an emergency or minimize the impact of an unexpected hazard both short- and long-term. As an emergency manager, I believe that it is important to conduct at least three initial meetings to discuss the response and recovery processes I am planning to work on during my time at the firm. The first meeting will be centered on the activities and concepts related to responding to hazards. The second meeting will focus on specifying the company’s approach to recovery operations. Finally, the third meeting will be dedicated to providing specific details in regards to the action plans I propose to respond to and recover from potential emergencies efficiently.
I would explain to my employer what response is and why it is important to invest in building up the company’s capabilities to respond to hazards efficiently. Responding to an emergency involves minimizing damage, reducing the risk of secondary harm, as well as speeding up recovery via systematic damage assessment. Thus, all of the actions aimed at responding to a disaster have to be well-structured and require hours upon hours of preparation.
Employees have to go through training on how to respond to the threats most likely to impact an IT enterprise. Cyber-threat training should be mandatory for every employee, except for a special team dedicated entirely to network security and damage assessment. These employees would have to create and implement a system, which can enable passive oversight over the company’s software. The U.S. Homeland Security Department (2016) notes that the main aspects of response are “(1) developing a single set of objectives, (2) using a collective, strategic approach, (3) improving information flow and coordination” (p. 4). My goal, as an emergency manager, is to ensure all of the collective efforts of various teams within the company and external forces are coordinated accordingly to meet a single set of established goals and items of an action plan.
Unlike response, recovery operations occur after the disaster, and not during it. Recovery mainly focuses on the implementation of long-term solutions, although some short-term agendas are encouraged to ensure the company quickly rebuilds its operating capabilities after a hazard. During recovery, resilience and redundancy are exceptionally important as the only efficient way to minimize and recover from damage is to plan accordingly and develop steady yet flexible operational frameworks, as well as create the necessary back-ups, which the company can fall back on even if its servers are diminished. Another important factor to consider is the development of continuity of organizational planning, which means that an action plan for emergency response and recovery has to prevent interruptions in case of a hazard. This involves plans for employee training, relocation, and development, as well as resource allocation and maintenance of efficient communication channels. The primary objective is to speed up recovery by making sure the impact of an emergency is minimal.
This last meeting will be dedicated to presenting the objectives I will enforce at the organization in regards to building up the company’s capabilities for response and recovery. In terms of response, I will create a sample plan for each potential threat of the ones identified in previous meetings. Each plan will include a set of actions, key people responsible for implementing the actions one at a time or simultaneously as well as their roles. To test the plans, each will be put into action through regular simulation training and quarterly assessments. In addition, the plans will include budgets in attachments and the necessary equipment. The list with the items will be prioritized and presented to the boss for him to allocate funds to purchase and set up all the essential equipment needed. As for recovery, I will develop plans as well, which will include timetables, recovery strategies, and detailed descriptions of the necessary resources, including equipment, funds, and staff (Invest Northern Ireland, n.d.). Therefore, apart from planning for appropriate response and recovery operations, the plans should be regularly tested and updated.
In conclusion, it is evident that while mitigation and preparedness are crucial, emergency managers need to go beyond that and invest in developing the appropriate frameworks for disaster response and recovery. While the purpose of the response is to minimize the impact of a hazard at the time it is happening, recovery initiatives are aimed at ensuring the company can return to normal as quickly as possible. For my particular place of work, which is an IT enterprise serving many high-profile clients, the focus on response and recovery efforts should be on building up resilience through extensive planning, testing, and training. In addition, another crucial factor is redundancy and the creation of the appropriate back-ups, which is imperative for dealing with data, particularly the data from government offices and large corporations.
References
Invest Northern Ireland (n.d.). IT risk management. NI Business Info. Web.
U.S. Department of Homeland Security. (2016). National Response Framework. Ready. Web.