How do you make sure that the learnings from one incident are transferable to another, unrelated, scenario?

"What you need is that leader...who identifies that the outcome is the same"

 

Michelle Griffey, Chief Risk Officer at Communisis, discusses business continuity planning with Jeremy Swinfen Green.

This year, the very popular teissR3 event focuses on how to improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Space is limited. Register your free place by clicking here.

Video transcript:

We've learned from the pandemic we can use that. Let's say scenario one, there's another pandemic. We know what we did last time. We can improve this time. Scenario two, there's a terrorist attack. Now in both cases, you can't go into the office.

Yeah.

How do you make sure that the learnings from one scenario are transferable to another apparently unrelated scenario?

I think that's-- once you've got over-- the people are the thing here, aren't they? So the people will react differently. If you can't go into the office because of a terrorist activity, your initial reaction will be very different from, oh, the government's just put me into lockdown and, hey, I'm going to work from home now. Whatever. Isn't that great?

But once we've got to get people over that initial panic, which generally will be happening in your organisations, some really good and strong incident managers, and then there is a bit of a skill in terms of those people that can manage an incident because it might mean that you've got to help people along or it might mean you're actually shouting at them to get out of the way.

But once you've got over that initial point, then what you need is that person, that leader, who actually identifies, well, you know what, actually the outcome of it's a pandemic or it's a terrorist activity or it's a flood or fire is the same. We can't get into the office. We can't get that work. Therefore, we've got to switch on whatever activity is without that plan in terms of, I suppose historically it can be a business continuity plan or a pandemic plan or let's call it a resilience plan.

That plan doesn't change. Because the thing you're trying to do is I can't get into the office so I need my work done elsewhere. That's the same. So actually one plan, keep it really simple. Takes you back to lean, doesn't it? Keep it really simple. One process. One plan. Everyone knows what it is. You test it. We've got to-- we tested our plans in live over the last four or five months. Yeah. And just keep it simple.

Michelle, that's been fascinating. Thank you so much.

Thank you.