Event Documentation – Don’t Leave it for Later

Suppose your business suffers a temporary disruption.  (The cause of the disruption doesn’t matter; neither, necessarily, does the length of the disruption.)  A disruption that impacts customers, prospects or finances (and almost every disruption – even for a few minutes – will), may trigger compliance obligations.  You may need to file an insurance claim.  Or you may need to provide government or industry regulators with the details of how your organization dealt with the disruption.

Do your Business Continuity and Incident Management plans lay out the needs and requirements for documenting actions taken during disaster or other disruption?

Any business disruption will generate a flurry of activity.  Will you be able to recall all of those actions once order has been restored?  Or will you have to spend countless hours reconstructing what happened, who did what and how long each action took.  It is unlikely you’ll be able to capture every action by every participant.  And the longer the disruption lasts, the longer that list of action will be.

Obtaining a complete and accurate accounting of your organization’s actions in response to a disruption may be critical to satisfying regulatory and insurance requirements.

So doesn’t it make sense to build documentation into your Business Continuity and Incident Management processes?

If your organization uses the Incident Command System (ICS), there is a whole catalogue of ICS forms that can be used to document actions during an Incident.  Even if you don’t follow ICS procedures you might consider including MSWord versions of appropriate forms for recordkeeping within your BC and IM plans.

Do the regulatory agencies which oversee your industry publish guidelines or requirements for Incident documentation?  Have you asked your insurers what they would require should you need to file a claim?

Your Business Continuity Management program should include more than just plans to take action; they should also include a method of recording those actions.  Automating or mechanizing the documentation process may be the best solution. (That is one of many reasons to consider eBRP Suite to automate your entire BCM lifecycle).  Or you can include recordkeeping requirements and appropriate forms within your plans.

When your business suffers a disruption – and it eventually will – viable Business Continuity plans and Incident Management procedures will help assure your effective recovery.  Just remember to include event documentation in your BCM and IM procedures – so you won’t create a second ‘incident’ when you need to scramble to document your actions for regulators and insurers after the fact.

SHARE:
Jim Mitchell

Jim Mitchell

A frequent speaker at Business Continuity conferences, many of Jim Mitchell’s blogs can be found elsewhere on eBRP’s website and has published articles in DRJ, Continuity Insights and Continuity Central. Jim has more than 20 years of experience in Business Continuity; if you don’t agree with his opinions – he won’t be surprised.

Related Posts

A Toolkit to Build Enterprise Resiliency

A Toolkit to Build Enterprise Resil...

A well-rounded Enterprise Resiliency Toolkit (𝗧𝗼𝗼𝗹𝗸𝗶𝘁) would provide key tools…
Enterprise Resiliency: Navigating Through Disruptions

Enterprise Resiliency: Navigating T...

In today’s threat landscape, the ability of an organization to…
Orchestrating BC/DR Testing: Virtual – Emergency Operations Centers

Orchestrating BC/DR Testing: Virtua...

  Enhancing Planning and Logistics Management  Coordinating BC/DR tests involves…
Insights into creating a successful Disaster Recovery Test – Part 2: Preparation

Insights into creating a successful...

Insights into creating a successful Disaster Recovery exercise – Part 1: Objectives

Insights into creating a successful...

Aligning Cyber Incident Response Planning with Your BC/DR Program

Aligning Cyber Incident Response Pl...

Cyber disruptions – and their impact on both reputations and…
What Can You Do when your BCM software Relationship Falls Apart

What Can You Do when your BCM softw...

“This isn’t working.”  “I’ve changed.”  “I don’t see a future…
Aligning BC/DR to CSIRP Challenges

Aligning BC/DR to CSIRP Challenges

The immediate reaction to a cyber-security incident is the FUD…
Technology Modeling – the eBRP Way

Technology Modeling - the eBRP Way

Definition: Technology modeling is a point-in-time snapshot of an Enterprise’s…
eBIA – The eBRP Way

eBIA - The eBRP Way

Definition: A Business Impact Analysis (BIA) is the cornerstone of…