By Jim Benlein, CISA, CISM
It’s not just important; it’s critical. But we often overlook or underplay keeping it protected and looked after in our disaster plans. It's our most important asset: our people.
While most business resumption plans provide details on protecting and providing for the efficient recovery of information, and effective restoration of data processing assets and facilities, little attention is paid to protecting and minimizing harm to employees and members. Plans, training, and testing need to focus on seeing employees and members are provided for first in disaster scenarios.
Consider how your plan addresses a fire. How much of the plan looks at keeping files and/or data tapes in fire-proof containers; maintaining offsite backups and systems; and having an alternative location to restart operations after the fire? Compare this to how much your plan covers what employees are to do when they smell smoke. Do employees know how to operate the fire alarms? What about fire extinguishers? Do employees understand how and where to evacuate to, and how to make sure all members are safely evacuated? And you ran this “disaster test” when?
You have your fire extinguishers examined and charged annually. When was the last time you looked over and updated the supplies in your first aid kit (besides making sure there was a big bottle of aspirin)?
Most CUs make sure there is at least one person in their offices who is a notary public. Can the same be said for someone who is trained in cardio pulmonary resuscitation? (You can check with your local Red Cross office about offering on-site training for your staff.)
As you look over budgets for next year, consider investing in your staff though CPR or First Aid classes. Plan for (and hold) fire, tornado or earthquake drills. Make “safe and sound” apply to more than just your financials.
Jim Benlein, CISA, CISM, is the owner of KGS Consulting, LLC, which provides policy and practice consulting and auditing services on information technology governance and information security programs for CUs.
Read a past CUES Skybox post and several Credit Union Management magazine online articles by Jim Benlein.
Learn more about CUES Enterprise Risk Management Powered by Vital Insight.
Remember, September is National Preparedness Month!
