Be Sure You Learn the Right Lessons from Crisis Events
IOMA - Security Director's Report (04/10) Vol. 2010, No. 4
Studies reveal that organizations usually have a better response to a disaster the second time around. Put another way, one of the best ways to become crisis-ready is, unfortunately, to experience a crisis. But the extent to which a company prepares for a reoccurrence depends on whether it asked the right questions and learned the right lessons the first time. "Business Continuity Management" author Michael Blythe says companies should ask the following questions during a post-disaster audit:
-
Did pre-crisis assessments identify risks and prioritize them appropriately?
-
Did our mitigation efforts offset the damage?
-
Were managers well-equipped, and did they implement contingency plans?
-
Are the risks the same post-incident?
-
How should immediate, interim, and long-term strategies be modified? And;
-
What tactics, training, or policies need to be revised?
As companies examine what post-crisis lessons can be culled, they must be aware of their organizational bias toward either a centralized or decentralized crisis management style. In a centralized response, authority is consolidated among higher-level manager during an event, while in a decentralized response individual business units, departments, and people are empowered to manage and respond to a crisis.
Web Link
