Incident Response Plans: What Every Business Should Know About Recovery Resources

Incident Response Plans: What Every Business Should Know About Recovery Resources

If businesses need to invoke their Incident Response Plan (IRP) there is a possibility that this will be as a result of losing some or all of their primary infrastructure.

At this time, the Business Continuity Teams (BCT) will need to work quickly to overcome any issues that may arise. There may be a need to create reassurance and certainty for stakeholders, be they customers, employees, suppliers, investors, or regulators.

Considerations should include physical space and resources, including for the BCT’s welfare, business functionality, communication capability and data. The incident command centre, and of course someone responsible for making it all happen.

These can all be classified as recovery resources.

Physical space and resources

Physical space to operate in; this might be a dedicated environment or a temporary location available to the business—one space for the initial activation and then when moving into the continuity and recovery phases.

Crisis Management Centre

This is the space the BCT will be working from to begin with which will require all the necessary workplace equipment. It should also include welfare facilities and in case people are engaged for an extended period, kettle, tea and coffee, and snacks: a camp bed and sleeping bag wouldn’t be out of the question in case Incident Response Plans (IRP) are activated in the middle of the night. Accessibility should also be considered, as the IRP could activate at any time.

Battle box

It may make sense to store any crisis centre resources in a ‘battle box.’ This should be stored at a separate location from the business where it can be deployed to the crisis centre venue immediately. This can be supplemented by individual grab bags for the team members.

Grab bags

Individual team members may also have personal grab bags which gives them a minimum level of resources at their disposal wherever they are.

Grab bags contents may contain:

  • Pens, paper
  • Wind-up Torch
  • High energy snacks
  • PPE
  • Protective overalls
  • Chargers for mobile devices
  • Up-to-date copy of the BCP
  • Laptop
  • Up-to-date copy of the BCP

Communication and connectivity

An essential part of the Incident Response is the Communication Plan. Even if a business is in the cloud, it will need to be able to connect to whatever resources, applications and data required, so any crisis centre will also need the necessary network connectivity.

It’s also worth considering telephone handsets so the BCT can communicate outside of their normal contact numbers, which may be inundated. These devices will need to be pre-loaded with whatever apps are needed for any comms infrastructure (WhatsApp, Zoom, Teams, etc).

Data

Key business data is required immediately before any data backups are restored. Data may be in the cloud, but how quickly can it be accessed? There may be some business data that is needed immediately. An example of this might be production of dispatch rosters. If these aren’t immediately available through cloud resources, they could be provided as a weekly report sent by email or some other means whilst servers, applications and data are restored.

Ready to go

All resources must be ready to go as and when required. This means that they will need to be checked, maintained and tested regularly to ensure they work, any updates processed, or any consumables are in date.

Maintaining and testing a BCP is not just about exercising the Incident Response, it’s also about making sure that all business continuity arrangements are live, operational, and deployable. So, you will need a process for doing this.

How do you work out what you need?

One of the best ways to identify your needs is to do a walk-through of your activation process to look at what you need to complete each stage and how it is accessed, given a full loss of infrastructure. It can be helpful

About the author

This article is provided by our insurer partner, Arch and is written by Arch Insurance Risk Managers and/or surveyors and has not been verified for accuracy by a third party. This article is for general guidance only and aims to provide general information on a relevant topic in a concise form. None of the information should be taken as legal or professional advice and we recommend that for further information, you should speak to an expert in this field.