Printer Friendly

How to survive ... and succeed.

How to Survive . . . and succeed

AS A CORPORATE SECURITY DIRECTOR or manager, do you know your role in your organization's contingency, emergency, or recovery plan? Does your company even have such a plan? Does state or federal law require one? Who is responsible for formulating and implementing it? Are you responsible only for the physical security of your plant? Are you responsible for safety? And finally, what do all these questions have to do with security's role in contingency planning?

If your organization was typical of the business world of the '80s, contingency planning got little serious attention unless it was mandated by law, as it is for financial institutions. However, due to a recent series of widely publicized natural disasters, most organizations are at least becoming aware enough of recovery problems to give the matter lip service.

This point is where the typical security operation comes in. Since few companies are willing to create a new department for what they view as a manual-writing function, the odds are good that they will let security handle it. Now you really have your work cut out for you. Let's take a look at some of the unique challenges you face.

You have to be a coordinator, mentor, mother,

and bully.

First you have to establish whether your company is serious or just looking for another book to put on the shelf. If it is serious, you should have the backing of your senior management. This backing must be made known throughout the organization.

The best way to publicize management's backing is to have your CEO or president instruct senior managers to spread the word and give you all the support you require. That puts everyone on notice and smooths a lot of roads. You will still meet resistance when you require a specific commitment, but you will have a little leverage.

Your next challenge is to identify the critical departments of your company through a risk analysis and determine what it would take to keep them in business or reestablish their business function after a disaster.

Since you do not know precisely what makes those departments work, how do you decide what they need to continue or resume business? You don't - you have each department conduct its own risk analysis and document what it needs to survive and resume. You have to be a coordinator, mentor, mother, and bully. You tell everyone what to do and when and how (in general terms) to do it.

As you work with other departments, you must also conduct your own department's risk analysis and formulate a plan to cover any contingency. You must look objectively at your department's people, equipment, and procedures to see whether they are adequate to support your company in time of need. If not, identify and eliminate the shortcomings. If your people, equipment, and procedures are adequate, write your own departmental plan, review it, disseminate it, and, most importantly, test it with your staff. Bear in mind that you're doing this while continuing your day-to-day operation, which until this point you thought was a full-time job.

Having received full cooperation from all the departments in your company, you have a desk full of rough-draft plans. What next? You schedule a series of meetings with all the principals. At the meetings, you and the head of each department review his or her plan and fine-tune it. Then you meet with all the principals together to consolidate the plans, eliminate redundancy and conflicts, and mesh all the pieces together into one usable plan.

The next step is to collate all these pieces into one overall contingency planning manual and submit it to senior management for comments and approval. You must also have your legal department review the manual. Both senior management and the legal department should sign off on it before it is published and distributed. Since senior management is backing the project, you may be able to get a letter of support to use as an introduction page for the manual.

AT LAST YOUR JOB IS DONE, right? Wrong. Although an important step is completed, you are really only beginning. And since you did such a good job on this, who would be better to continue with the project as your company grows?

What happened here? Senior management just wanted you to write a contingency plan for the company, and you did it. What management didn't tell you is that contingency planning is a process, not a project. In practical terms, that means you now have job security. As the author of the plan, you will naturally be designated as the keeper of the books.

Let's look at your own department to get an idea of what it means to maintain the plan. Like any good manager, you are constantly trying to upgrade and professionalize your staff. That involves personnel changes through promotions, terminations, and resignations.

As your company grows, you will have to expand your staff to meet the demands of the expansion. That growth will change the players on your organizational chart, which will require changes in your department's contingency plan. Who will record those changes and make sure the new players know about the plan and their role in it? The keeper of the books will. When your multiply the number of changes you personally have to make by the number of departments in your company, you will get a vague idea of what I mean by job security.

All the departments will be going through the same growing and stretching pains, and somebody has to gather the information, update the manual, disseminate the information, and make sure everyone is aware of his or her role and responsibilities in an emergency.

In addition, no plan is any good unless it is tested. As the main mover in this process, you will be tasked with setting up training or practice exercises. You will probably start with tabletop exercises by department, then conduct a complete practice drill involving the whole company.

What you're looking at here is approximately two years' worth of work before you can even think of having an integrated drill. There's that job security again. Of course, after each drill or exercise - whether it involves one department, a section, or the whole company - critiques, discussions, and changes need to be made. As these changes and improvements are made, the contingency planning manual has to be updated with the new information. Couple that with the internal organizational changes, and you can see a whole new career for yourself.

What is security's role in contingency planning? It's a dominant one. Contingency planning is the security challenge of the '90s. If your company is not ready involved in contingency planning, bet that it soon will be, get a jump on the task now, do your homework, and prepare for that additional job security.

Donald C. Sanford, CPP, is the emergency planning coordinator for Great Western Financial Corporation in Chatsworth, CA, and is a certified disaster recovery planner. He is a member of ASIS.
COPYRIGHT 1991 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:contingency planning
Author:Sanford, Donald C.
Publication:Security Management
Date:Jan 1, 1991
Previous Article:The key to capture.
Next Article:When the shooting starts.

Related Articles
How we built our contingency plan.
Contingency planning should be operationalized.
AS/400 "Won't Go to IA64" Though Contingency Plans Exist.
Adversity Quotient Turning Obstacles into Opportunities.
Companies must protect against new vulnerabilities. (News and Views).
Be prepared.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters