The IMP should be aligned with the overarching policies and practices outlined within the overall Business Continuity Management Plan. Information flow should occur according to the communications plan. Organic and outsourced expertise and resources should be leveraged in conjunction with the organizational interface plan and the resource and procurement management plan. Interaction with media, families, and other groups should be guided by the public relations plan, and crisis response actions and decisions should conform with trigger plans and decision and authority matrixes. The IMP should also operate within the auspices of security management plans, standard operating procedures and tactics, techniques, and procedure policies. All policies, procedures, and plans should be complementary, with minimal duplication and overlap to avoid confusion, contradictory guidance, and wasted resources. Often the IMP and Business Continuity Management Plan will complement or leverage any company health and safety plans, as well as existing policies on dealing with the media or other operating practices; and companies may wish to provide some form of guidance to managers as to how the IMP will operate within the Business Continuity Management Plan, and what is expected of them during a crisis event.
The IMP may also work within the framework of security plans, which might determine how security and risk management is undertaken within a facility. A degree of tailoring may be required to merge the IMP into specific regional or task policies and plans. The IMP may also be supported by government response plans, and the points of connection should be defined and aligned to ensure that friction between internal and external plans or protocols does not occur. Modifications to the IMP should be done only as sanctioned by appropriate managers (or an IMP Custodian) in order to avoid conflicts with corporate interests, as well as to reduce the amount of deviation from response measures and information reporting formats.
Information Security
Some aspects of the IMP may be considered sensitive in nature, and consideration should therefore be given to who is permitted access to the plan. Other elements of the plan will be generic and intended for a wider audience, such as fire drills or suspect call responses, and managers should ensure that information and training are made available to the different levels of user audience. Where necessary, terms such as restricted and unrestricted can be applied to different elements of the IMP in order to ensure that managers share appropriate information with a wider audience, or restrict information to defined positions as required. Each recipient of the IMP is responsible for its safekeeping and for ensuring that no unauthorized copies are made.
Popular Posts
-
Often crisis responders will initiate a crisis notification through a verbal briefing. As such, it is imperative that a clear and accurate ...
-
Nessus is a popular open-source scanner for organizations that choose not to spend the money on other proprietary products. There are s...
-
Incident and problem management processes are intended to handle problems that are raised through the service desk as well as responses t...
-
The composition of the crisis and incident response teams should reflect the personnel required to analyze and deal with any events, fro... -
Being able to classify and categorize different types of releases into release models allows one to determine the types of governance and ... -
The IMP should be designed to follow some simple principles in order to be most effective. The plan should reflect the nature of the bus...
-
The inability to effectively gather and share information is a frequent management failure during many crisis events both within the incide... -
The passive analysis approach has several advantages: The analyzer does not interact with the network to discover hosts and their r...
-
Many healthcare organizations confuse emergency operations planning with preparedness. In fact, developing an emergency operations plan (...
-
Each company will define the composition and structure of its own crisis response group dependent on the nature, size, and scope of the ...
0 comments:
Post a Comment