Resources for Startups: Business Continuity and Incident Response
March 18, 2020
Here is a non-Twitter version of a thread on business continuity and incident response planning for startups (or, anyone interested in the topic). [Link to Twitter thread.]
If you work for a startup, you might be re-thinking your business continuity and IR strategy. Having worked on Deepwater Horizon for almost 5 years, I got to learn from some of the best responders across industry, government and civil society.
Even if you're a small startup, becoming familiar with the National Incident Management System (NIMS) Incident Command System (ICS) will help you think about structuring a response.
NIMS = a common approach to enable community to work together to manage threats and hazards.
ICS = a management system designed to enable effective and efficient incident management.
Pay attention to the ICS organization structure guidance. Your company might only have 20 employees, but you can still apply it!
Establishing clear roles and a chain of command is key for both response planning and operations, as well as cultivating confidence across your team during times of crisis and uncertainty.
I was trained in the Planning Section for BP's Western Hemisphere Mutual Response Team (cool vest and all). In the midst of a crisis, the Planning Section (even if one person), will help you stay grounded and calm because it will establish process and order.
This may look complicated, but it doesn't have to be.
Establish your Incident Management Team and take it one step at a time using the Planning P (see image below).
Before each tactics meeting, make a list of issues to address. (You don't have to apply all the formalities in the image.)
If you are distributed (or like forms), you can use the NIMS ICS forms as templates to aid during the planning cycles. The briefing form and communications list can help you put together a plan for SITREPS.
Don't forget about communications. If you are a startup and don't have trained communications professionals to help you, read through the guidance on PIOs here so that you can plan ahead to the extent possible.
You may not need to address all of these items, but thinking about each of them in advance will help you prepare for the communications that you will need to deploy internally and externally.
If all of this seems overwhelming, start here with the FREE baseline web courses on NIMS and ICS.
The best thing about NIMS ICS is that you can scale it to your organization and team size. During Deepwater Horizon, at one point there were upwards of 40,000 people responding to the disaster. But, using this framework also works for very small teams. Try it!
If you have time to spare, all of the FREE web training on NIMS is here.
During times of crisis and uncertainty, it can help to learn about preparedness. And it's never too late (or too early) to put some structure in place around business continuity at a startup. I hope this information helps!
Follow me on Twitter @ldhawke