Putting the response plan into action
- the drawing up of an internal emergency response / business continuity / disaster recovery plan (the Plan) tailored to the business in question is a critical step in preparing for the eventuality of a major incident (whether or not there is a legal requirement to do so). The response plan should be a living document, with amendments made to it when relevant operations, personnel or circumstances change
- the response plan should set out:
- key emergency actions to take in various scenarios (including any regulatory requirements, if appropriate)
- internal response procedures (eg linked to the business's health and safety and environmental policies)
- any procedure in relation to utilisation of a disaster recovery space (if premises have been rendered unusable or inaccessible by the incident/crisis)
- if necessary, the steps to utilise any off site IT hub or server holding central information for business continuity purposes
- anticipated reporting lines
- instructions for dealing with emergency services, public authorities, affected third parties; insurers
- external advisers and consultants to be contacted
- the appropriate media strategy (see Media relations)
- review and implement any initial response plan protocols (eg consider whether key individuals within management have been informed of the incident)
- consider whether people 'on the ground' in the immediate aftermath of the incident know what to do (and what not to do), in line with the response plan
- the response plan should provide names and emergency contact details for the group of key individuals from which members of the IM team should be drawn (see Activating an incident team)
