PROJECT MANAGEMENT -3

I.How To Prepare For Business Disasters

If you, like most people, think that starting a business is the toughest part of entrepreneurship, allow us to change your view. Managing a successful business year after year, while ensuring that it is protected from harm, is even more challenging. Tense, already? Take it easy! … We are here to give you some tips on how to prepare yourself to face business disasters Disaster Management and Preparedness (Occupational Safety and Health Guide Series).

It might happen some day. Despite not being located in a disaster-prone area, calamity like wind storms, tornadoes and earthquakes can hit any time with little or no warning, destroying your entire business. Even if a flood doesn’t put your business under water, it may distance your customers and suppliers. Alternatively, lengthy illness, accident or unexpected death of one of your business’ co-founders can also mean the collapse of your company.

Hence, while running the business, you should have a plan of how you will handle catastrophe. Although, you cannot be hundred percent sure that you have covered all the unpleasant possibilities, here are some simple steps that can help protect your business and its assets. Let’s talk about them.

1. Find out what might go wrong:

First of all, list out what could go wrong with your business. Once you have identified the threats, you need to rank them in order of maximum impact and likelihood.

Next, assess how vulnerable your business is to those calamities. For example, think about whether the employees are properly trained on an appropriate course of action to be taken in the face of natural calamity. If you’re worried about security issues, find out whether the company’s security system is capable of thwarting insider theft. Other exigencies include sudden power failure, an accident on the work site or incapacitation of key staff members.

2. Write down a plan:

Your next job is to create an ‘emergency action plan” Disaster Management and Preparedness (Occupational Safety and Health Guide Series) (Hardcover)
by Thomas D. Schneid (Author), Larry R. Collins. It is basically a manually written document for dealing with the identified threats to your business. The modules of your plan must make sense, and also be in conformity with prevailing law. For instance in the United States, it should contain an OSHA-directed evacuation plan; must follow the Sarbanes-Oxley antifraud law; should not contradict the provisions of the 1996 Health Insurance Portability and Accountability Act, the National Fire Protection Association’s Life-Safety Code and so on.

Let’s give you an idea of how to go about that emergency action plan.

I. A list of people responsible for assessing the degree of risk to the business should be clearly included.

II. A list of names and designations of people who are responsible for making decisions, checking response actions, and bringing the business back to its normal operations should be incorporated. Make sure that someone responsible is in charge of contacting emergency service providers. In addition, nominate a person to act as a contact point for outside parties, such as customers and vendors.

III. Instructions about the proper handling of various machinery and equipment must be included.

IV. Guidelines on emergency rescue operations, medical tasks, fire fighting and other activities must be provided.

3. Sit with your people:

Once you are through with drafting the plan, sit down with your employees to discuss it. Your people should be properly informed about all the threats that could strike, and what they are expected to do in the event of disaster.

If they seem to have no prior experience of handling any type of business crisis, you had better arrange a trial run for them. It might also result in your employees devising a more efficient strategy of tackling a business disasterDisaster Management and Preparedness (Occupational Safety and Health Guide Series) (Hardcover)
by Thomas D. Schneid (Author), Larry R. Collins.

4. Inform the people concerned:

You are also supposed to inform the authorities and other service providers about the identified threats and the action plan you have prepared to deal with them. During a crisis, the concerned people are typically the police, the local fire department and the emergency medical service.

It is a proven fact that those businesses that acquainted the authorities with this information lost less in times of trouble. At the same time, being experienced in handling emergencies, they can provide you with valuable advice on how to improve your preparedness Disaster Management and Preparedness (Occupational Safety and Health Guide Series) (Hardcover)
by Thomas D. Schneid (Author), Larry R. Collins.

While these measures may help your business recover from the ravages of disaster, it might still reel under the aftermath of calamity. Often, injured parties might sue your business for damages suffered on its premises. Another time we’ll talk about how you can save your company from being dragged into court at the end of a business disaster, and how to come out on top, should the worst happen.

II. 3 Steps to Planning a Security Policy

It is common for many companies to notice a security problem and then immediately look for technology solutions to plug up the hole. In the end, companies wonder why they have an abundance of solutions that do not efficiently secure company assets. This is where planning becomes a necessity.

The Importance of Planning
Planning your security policy requires a close analysis of employee behavior in different job roles and is also the time for company security goals to be articulated. Having problems and goals evaluated simultaneously makes it easier to come up with all-encompassing solutions that will be effective and advantageous for all. A good rule of thumb when planning a security policy is to base the policy around risks rather than technology. A policy should not change as the technology changes.(1)

The Planning Stage helps to address this, by focusing on employee behavior. This is crucial because, changes in policy often start with changes in procedure.

Organizations need to understand that much of information security and privacy work that needs to be done are people-based [regarding] policies, procedures, training, awareness [and] response activities.(2)

Planning Your Security Policy
There are three factors to keep in mind when planning your policy. The first requires you to express the goals of your policy. What are you trying to accomplish? What are you trying to protect? The second step requires you to scan the work environment and identify vulnerabilities that exist within current processes. The final step asks you to create a plan of action that will help alleviate the flaws. All are equal contributors to planning success.

Step 1: Setting Goals for Your Security Policy
Your security policy goals should run parallel with the goals set for your company. For example, if your company is customer oriented, then a goal of your security policy should be to protect your customer and their data through use of encryption and network security.

Furthermore, all parties should play a role in goal setting. This is crucial because if a security breach was to occur, each department plays a different role in the recovery process, as well as in re-evaluating procedures for policy improvement. Global involvement allows each department time to invest in the policy, ensuring a higher level of cooperation when the time comes to implement the policy.

Step 2: Identifying Security Vulnerabilities
A company must examine existing procedures and identify all processes that pose a security risk. For example, policies regarding data management; how data is protected during storage, how long it is kept and proper methods for data deletion are common pains in the corporate world. Some questions that may help identify such vulnerability include:

• What types of sensitive information does your company handle?
• Which department handles each piece of sensitive information?
• Is sensitive information stored with non-sensitive information?

Such questions should spur some thought as to what changes need to be made in order to begin alleviating the risks that accompany current processes within departments.

Step 3: Creating a Plan of Action
After identifying which processes require change, create a plan of action for mitigating these risks. Each plan should consider how long it will take for the each change to occur, what type of training is necessary for each individual/department to meet the newly adopted standards and also what responsibilities each individual/department can be held accountable for (i.e. how often are gap analyses(3) regarding security conducted and who conducts them?)

Other challenges include budget limitations and optimizing upon security measures while still adhering to auditing standards. Such measures “should be traceable from one document to another so that audits can easily verify that policies are being enforced.”(4) If technology solutions are an option, comparing different products may be helpful.

After procedures have been established, decision makers should be able to identify “which personnel roles are responsible for which activities, which activities need to be logged, [and] how often inspections and reviews are done internally.”(5) They should also have followed up with a procedure for making additional changes to the policy in the future.

Security Policies to the Rescue
Security policies are a necessary element to prevent your business from facing disaster. “Information security and privacy cannot be a band-aid-add-on after a product or system has been launched; it must be incorporated into the mindset of all personnel,”(6) with ample time and training provided to ensure internalization.

Now that you have your security policy planned out, it’s time for policy implementation. But before you try putting your security policy into action, read Implementing Your Security Policy to get some implementation tips.