The IMP should be aligned with the overarching policies and practices outlined within the overall Business Continuity Management Plan. Information flow should occur according to the communications plan. Organic and outsourced expertise and resources should be leveraged in conjunction with the organizational interface plan and the resource and procurement management plan. Interaction with media, families, and other groups should be guided by the public relations plan, and crisis response actions and decisions should conform with trigger plans and decision and authority matrixes. The IMP should also operate within the auspices of security management plans, standard operating procedures and tactics, techniques, and procedure policies. All policies, procedures, and plans should be complementary, with minimal duplication and overlap to avoid confusion, contradictory guidance, and wasted resources. Often the IMP and Business Continuity Management Plan will complement or leverage any company health and safety plans, as well as existing policies on dealing with the media or other operating practices; and companies may wish to provide some form of guidance to managers as to how the IMP will operate within the Business Continuity Management Plan, and what is expected of them during a crisis event.
The IMP may also work within the framework of security plans, which might determine how security and risk management is undertaken within a facility. A degree of tailoring may be required to merge the IMP into specific regional or task policies and plans. The IMP may also be supported by government response plans, and the points of connection should be defined and aligned to ensure that friction between internal and external plans or protocols does not occur. Modifications to the IMP should be done only as sanctioned by appropriate managers (or an IMP Custodian) in order to avoid conflicts with corporate interests, as well as to reduce the amount of deviation from response measures and information reporting formats.
Information Security
Some aspects of the IMP may be considered sensitive in nature, and consideration should therefore be given to who is permitted access to the plan. Other elements of the plan will be generic and intended for a wider audience, such as fire drills or suspect call responses, and managers should ensure that information and training are made available to the different levels of user audience. Where necessary, terms such as restricted and unrestricted can be applied to different elements of the IMP in order to ensure that managers share appropriate information with a wider audience, or restrict information to defined positions as required. Each recipient of the IMP is responsible for its safekeeping and for ensuring that no unauthorized copies are made.
Popular Posts
-
Nessus is a popular open-source scanner for organizations that choose not to spend the money on other proprietary products. There are s...
-
Often crisis responders will initiate a crisis notification through a verbal briefing. As such, it is imperative that a clear and accurate ...
-
The IMP should be designed to follow some simple principles in order to be most effective. The plan should reflect the nature of the bus...
-
The composition of the crisis and incident response teams should reflect the personnel required to analyze and deal with any events, fro... -
The company should either establish a permanent facility in which to manage crisis events (if the frequency and scope of crises facing its ...
-
The inability to effectively gather and share information is a frequent management failure during many crisis events both within the incide... -
Typically, the vulnerability information used by a particular vendor of a VM scanner or analyzer is stored in a database that is des... -
Definition of hazard • A characteristic or group Of characteristics that provides the potential for a loss. • Examples: Internal and e...
-
The first step in implementing a strategy for deploying physical scanners is to select a central location to which all scanners will re...
-
In many descriptions you will see the words "Critical Incident Response Team" associated with critical incidents. Many incident ...
0 comments:
Post a Comment