More Than "How To" Response Plans Needed: Policies and Procedures Play Large Role in Recovery

All risk managers/business continuity practitioners put a lot of time and effort into developing programs and plans to avoid or mitigate risks.

All risk managers/business continuity practitioners put a lot of time and effort into developing response plans to recover from an event.

Personnel are trained and plans are exercised, critiqued, and the plan adapted as necessary.

We KNOW that if something goes bump in the night, the well-trained staff will be able to maintain at least a minimum level of service while restoring the organization to business as usual.

What most of us fail to consider is the well-being of the responders.

If I can borrow Norm Harris' worst case scenario - "there's only one scenario" I remember my mentor telling me, "and that's when you go to work and there's nothing there" let me set the stage to introduce an oft-overlooked subject: recovery-related policies and procedures.

Aren't standard policies and procedures - P&Ps - sufficient? In a word, "no."

Recovery P&Ps need to include, among other things:

  • Authorizations to purchase equipment
  • Communications with family
  • Family visits
  • Furloughs (pay, insurance)
  • Incidentals
  • Insurance assistance
  • Lodging
  • Maximum allowable time before a required break
  • Payroll
  • Per diem expenditures (lodging, food)
  • Record keeping (time, expenses)
  • Travel at the recovery site
  • Travel between "home" and recovery site
  • Work authorizations (if out-of-country)

The whys of the suggested P&Ps

Let's look at each item and see why this scrivener thinks it's a concern.

Authorizations to purchase equipment

Who is authorized to purchase hardware, software, and services at the recovery site. As with all things "business continuity," there needs to be at least two people authorized to make needed local purchases. No matter how well prepared, there always is something that is missing from the go bag.

Do different people have different limits? Can any responder charge something costing $5, $10, $20, or $50? What's the limit and what is the process to exceed the limit; who (by title) has to approve?

Communications with family

The responders need to talk to the folks left behind. While most of us now have cell phones and most cell phones have "free" long distance, there are those few have avoided the opportunity to be available 24*7. There also are limitations to available minutes on personal cell phones.

Will the organization provide cell phones for common/shared use so responders can call home? Will the organization pay for "over-the-limits" cell usage on personal phones? What about calls from the lodging? Using the company switchboard or PBX to route calls from incoming "8**" numbers to home phones probably won't be an option: if the building went away, the telephone switch went with it.

Family visits

If the recovery or work-away-from-home will last for more than a couple of weeks, smart organizations will make arrangements for family visits, "home R&R." Does the organization pay - in full or in part - for the responder to go home for a long weekend or for the responder's family to come to the recovery site?

Just who is considered "family." Traditional families; non-traditional families; immediate family members or extended - and how "extended" is "extended," anyway -family members.

If the responders are sharing quarters with other responders, will the organization pay or subsidize private quarters for the family reunion?

Furloughs (pay, insurance)

What about the folks who stay home. They lack any responder functions, but they need to be available when things return to normal.

Will they be paid - full pay, partial pay?

Will they be forced to take unpaid leave or told to take vacation time?

Will the organization continue the furloughed workers' benefits?

Are there any union considerations?

Incidentals

Will responder incidentals - toiletries, laundry, and dry cleaning as examples - be reimbursed? Will receipts be required for all expenditures or only over a certain limit. Is the limit set on a daily, weekly, or monthly basis?

Insurance assistance

Typically, the employee handles all the insurance paperwork for the family. (Enlightened companies have HR staff who are insurance experts available all year long.) Should a responder worry that an insurance claim won't get filed or paid while he or she is away from home? Or will the responder know there is someone close to home (e.g., an HR person) who can help deal with the insurance companies?

Lodging

Will responders each have their own quarters or will they be required to share space with other responders - and how many to a space? Will mangers have more space than rank-and-file? Who will make lodging arrangements? HR via a travel agency? Recovery-site managers; individual responders. (Also see Per Diem)

Maximum allowable time before a required break

There are Type A people who HAVE to "do it all." After about 36 hours, their ability to make decisions deteriorates, as does their manual dexterity. But these people won't listen to anyone who tells them to take a break.

The organization has to set limits on the maximum number of work hours before an enforced rest period. I won't suggest the rest period duration; I would think that the more stressful the job, the shorter the work period and the longer the needed break.

Payroll

This is more than just getting the checks cut. It means assuring that the checks get to the responder's family, either directly or through direct deposit. Consider that some left-behind family members have jobs, others are care givers - some are care givers with jobs; stopping their routines to collect pay normally collected by the employee spouse may not be a desirable option.

Per diem expenditures (lodging, food)

How much may be spent on food and lodging? Will per diem be the same as the GSA rates or GSA plus a percentage? Are personnel aware of the GSA rates (and GSA Web site with those rates)? Are the rates based on someting other than GSA? Record keeping (time, expenses)

Record keeping (time, expenses)

What records must be kept and by whom? Obviously responder time and all financial expenditures. Are there forms to collect this information; where are they? (If they are only available online they might not be available at all.) Are there controls to prevent abuse?

Travel at the recovery site

How will local-to-recovery site transportation be handled? Rental vehicles? How many to carry how many passengers? Taxi - and are tips covered? If recovery is performed in shifts, will a vehicle be needed for each shift?

Travel between "home" and recovery site

How will personnel travel to and from the recovery site? How many people can travel on the same conveyance, be it commercial carrier or private vehicle? If a commercial carrier, who will make the arrangements - individuals or HR via a travel agent - and how will the transportation be paid (personal or organization credit card, PO)? Work authorizations (if out-of-country)

Work authorizations (if out-of-country)

It's probably the least likely of things to consider, but if the responder has to work out of the county where he/she has citizenship, can the person legally work at the recovery site. This could be a problem for a person working on a visa to the production site; if the person leaves the country, can that person return?

To publish or not - opinions vary

It's this practitioner's opinion that the business continuity P&Ps - in fact all P&Ps - should be published and distributed to all personnel. I know some practitioners who, for their own reasons, disagree with my thinking, believing that published P&Ps can tie the hands of management. Given the reasoning behind SOx and other "transparency" moves, perhaps an openness should be preferred.

 


About the Expert
John Glenn, MBCI, (http://JohnGlennMBCI.com) is an enterprise risk management - business continuity practitioner with more than 13 years experience; he invites comments on this article and others at his Web site to Planner athttp://JohnGlennMBCI.com or by email at JohnGlennMBCI@gmail.com