Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Preparation, Mitigation, Response & Recovery are the Keys to Continuity of Operations
Wednesday, February 12, 2014 6:50 AM

Your credit union is prepared to respond to emergencies. You have fire safety plans, evacuation plans, and other types of emergency procedures in place. According to Bob Mellinger, founder and president of Attainium Corp, most organizations today need a comprehensive, integrated plan in place to protect people, property and technology in the face of a myriad of risks.

“You need a disaster response plan and a business continuity plan to cover all the possibilities and make business recovery possible,” says Mellinger. “Overriding all, however, is personal safety and the need to preserve life ... these are always the top priorities.”

Whether it’s a denial-of-service (DOS) attack, internal fraud, fire or flooding, your credit union needs to be prepared for anything that could happen - to protect its employees, members, and, to the greatest degree possible, its reputation and financial viability.

“It's entirely possible that one ruined or badly handled incident might result in extensive revenue losses and require years of rebuilding reputation and attendance,” cautions Mellinger.

Planning, Mellinger says, is essential.

“A good plan is dynamic and it's never finished. It reflects the constant vigilance of its preparers and maintains as current a level of information as possible so that it remains a strategic tool that can help you respond to whatever comes up,” notes Mellinger.

Preparation, mitigation, response and recovery are the keys to continuity of operations, according to Mellinger.

  • Preparedness - activities involved in creating awareness, determining risk and developing a state of readiness to respond to disaster, crisis or any type of emergency situation.
  • Mitigation - activities aimed at reducing vulnerability; activities performed in advance to decrease the impact of and reduce potential loss or damage from disruptions.
  • Response - activities occurring during or immediately following a disruptive event to minimize its immediate impact(s).
  • Recovery - activities undertaken to minimize long-term impacts of the disruption and return the situation/system to normal.

“If you talk to any true emergency management professional, what you'll hear is an echo of this: have a plan and keep these principles in mind as you plan,” suggests Mellinger. “Planning is a time-consuming, ongoing process. There aren't any really good shortcuts. It's tempting to go to the Internet and find one of the many plans-in-a-box or checklists that are available. This is fine if you are going to use these as starting points, but remember that there really is no such thing as a one-size-fits-all solution.”

Once you have a plan, you need to test it to evaluate its effectiveness. Mellinger recommends the following exercises:

  1. Orientation. An orientation is an informal session that does not include any simulation. It provides a discussion of roles and responsibilities and introduces or reinforces policies, procedures and plans.
  2. Drill. Think of the fire drill... this is a test of one function only.
  3. Tabletop. This takes the form of a discussion of a simulated emergency. It's inexpensive, low stress, and has no time limits. This exercise can help you evaluate plans and processes and review any issues with coordination and responsibility.
  4. Functional. This is a realistic simulation that takes place in real time and can be quite stressful. All key personnel should be involved.
  5. Full-scale. This type of exercise features a specific emergency scenario using real people and equipment. It takes place in real time and, done correctly, causes high levels of stress. It is designed to test many/all of the emergency response functions.

“A critical result of testing the plan, no matter what method you use, is to incorporate the lessons learned into the plan and making sure all relevant personnel receive the updates,” stresses Mellinger.