Blog & Tools

Having a good disaster plan isn’t enough; it also must be tested

Fire Drill evacuation exercise at SDN Communications

During an emergency drill, members of a security committee at SDN Communications discovered that a gathering spot in a company building didn’t have enough room for all the employees directed there. So, the area will be enlarged. Some first-aid kits in the building will be relocated, too.

The changes illustrate the value of businesses having a plan for dealing with unexpected emergencies that can be tested and updated.

Developing good, amendable strategies for Business Continuity and Disaster Recovery – BCDR, for short – is absolutely critical to the survival and future success most businesses, according to experts.

Planning and preparing for disasters is “a continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and taking corrective action in an effort to ensure effective coordination during incident response,” according to the Federal Emergency Management Administration and U.S. Department of Homeland Security.

BCDR plans shouldn’t be drafted just to fulfill a corporate compliance requirement, then relegated to a bookshelf or a computer file and ignored. Good businesses are prepared – to a large degree - for disasters before they strike.

Fire is a constant threat for most businesses. Floods, tornadoes and blizzards are among other common natural disasters that regularly confront businesses in the Northern Plains. Unfortunately, training for threats such as active shooters and terrorist attacks also have become necessities for businesses.

SDN provides broadband connectivity and cybersecurity services to other businesses and organizations. Those are critical services for clients. So SDN takes BCDR planning very seriously. Data centers are backed up with generator power, for example, and the corporate network is protected by redundant firewalls.

Emergency Response Station with AED, Phone, first aid, megaphone, walkietalkie

The Sioux Falls-based company has a 31-page BCDR plan that is supplemented with a couple of hundred pages of business-impact analysis. The plan is flexible, however. It is reviewed and tested regularly, and is updated whenever necessary.

“Testing and exercises are critical to making sure whatever you put in writing works,” said John Scarbrough, a member of SDN’s security committee. He also the director of IT for the company.

Keeping all company employees updated on the plan is very important, too, Scarbrough said.

“Testing is multi-faceted. But you’ve got to continue doing it. You hire new people and have to make sure they’re trained,” he said. “Practice makes perfect.”

SDN testing includes periodic trials of its public address system and group texts.

The company recently tested the preparedness of its in-house first responders with a drill in which someone was found on the floor, apparently unresponsive from fainting or a blow to the head. To add to the challenge, the test was in a secured area of the complex.

It’s not possible to fully prepare for some disasters, of course. A major ransomware attack, for example, or explosion is likely to have a lot of unpredictable variables.

BCDR Table Top Exercise Meeting

SDN prepares for those types of emergencies with roundtable discussions and tabletop exercises to help make sure company leaders pursue similar goals. Occasionally, experts in law enforcement or other fields are brought in for presentations.

Federal guidelines developed under the leadership of the National Institute of Standards and Technology, or NIST, are among the potential resources available for companies developing or improving BCDR plans, But an abundance of resources are available from organizations and government agencies.

Here are six general steps that many experts in the field generally include, in some way, in their suggestions for effective BCDR planning:

  1. Identify threats to your organization and its assets.
  2. Develop a strategy for dealing with each threat.
  3. Communicate plans throughout your organization, and train employees to follow the plans.
  4. Test the effectiveness of plans and identify shortcomings.
  5. Engage outside experts, if needed, and update the plan.
  6. Repeat the process.

SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.