Medical emergencies can happen at any time to anyone. Having the information you need at your fingertips, from emergency contact information to passwords and file access, can help ensure that if one of your employees experiences a health crisis, your organization is able to notify the people who need to know as soon as possible. A back-up for system for passwords can help operations to recover after an emergency event has occurred.
Business continuity plans are your roadmaps for what do when the unexpected happens. Too often, however, a business continuity plan only covers some of the bases. Organizations find out what they’ve overlooked when a disruptive event occurs, which can be catastrophic for staff and for operations. Not-for-profit organizations that proactively review their business continuity plans and practices may be able to identify gaps in continuity coverage and address them before the plan is put to the test.
What Not-for-Profit Contingency Plans Should Include
Each organization is vulnerable to unique risks and disruptions, but in general, not-for-profits should be prepared to address four types of losses: loss of people, loss of vendors, loss of facilities and loss of technology.
Loss of People
One of the most devastating events that can happen to an organization is the loss of personnel. Personal tragedy, illness or injury can render key employees unavailable or incapable of making critical decisions. Create a back-up plan for every key position that includes that person’s passwords and log-ins for vital information technology and software systems. If possible, contingency plans should also include the list of projects or activities in which they’re involved. That way, if someone is unavailable, the organization can continue day-to-day operations in that person’s absence.
Not-for-profit organizations should be sure their contingency plan policies include third-party providers, contractors and, potentially, volunteers (depending on their role with the organization). The information the employee has access to could be vitally important, and potentially made unavailable if the proper back-up procedures are not in place.
Loss of Vendors
Loss of vendors can also be a disruptive situation for an organization. Not-for-profit organizations may have vendors that perform critical administrative functions, such as bookkeeping or payroll and employee benefits. If something were to happen to a third-party and the third-party has no contingency plan in place, it can have a ripple effect on your organization.
Vendors and the organizations they serve should have a role in each other’s recovery plan to ensure that no stone is left unturned. Organizations should be part of their vendor’s disaster recovery notification process and organizations should include their vendors and third-parties in their plan as well. Not-for-profit organizations may also want to consider identifying a few alternative vendors for those that perform core functions in case an unexpected situation arises.
Loss of Facilities
In the event that your building must be closed, not-for-profit organizations should have a back-up plan detailing how to continue operations to the fullest extent possible. Be sure your business continuity management plan specifies how critical activities will be conducted (virtual private networks, temporary alternative locations, etc.). Employees also need to be prepped on the loss of facilities plan so they would know what to expect and how they can carry on their job responsibilities remotely.
Loss of Technology
Data breaches are almost inevitable in the current environment. Part of your incident response strategy should address what happens if an unauthorized user were to breach your information technology systems. In addition to the plans on how to isolate and respond to an attack, your contingency plan should include system workarounds. For example, if your main server was compromised, do employees have an alternative means of getting internet access? How long can your organization continue to provide services if one if its core systems shuts down? Your organization’s business continuity plan should take these elements into consideration so it has a better sense of its recovery timeline.
Enhance Your Contact Information
Although it may not be part of a formal business continuity plan, your organization should also periodically review its employee contact information. Encourage employees to list emergency contacts, not only in their personnel files but also in their mobile devices with an “in case of emergency (ICE)” designation. You should also consider requiring employees to use a medical ID phone application. Apple devices have Medical ID capabilities built into the Health app. Instructions for how to set it up can be found here. Google Play has the free app, Medical ID ICE contacts for Android devices. Using an app or setting up the “ICE” features of your cell phone can help responders get access to your key contacts, even when your phone is locked.
Revisit, Retool and Adapt
There’s no way to spell out every possible scenario that could affect your not-for-profit organization, but you can account for the core types of disruptions that may befall your organization. Revisit your strategy and information periodically and make updates to ensure new employees, technology and other major organizational changes are covered by your plan. Employees should also be educated about what the plan entails and how the organization will communicate with them if a disruptive event were to occur.
For More Information
If you have comments, questions or concerns about how to be prepared for emergency situations, please contact us.
Holly Perez is a Senior Manager in the Kansas City office. She specializes in not-for-profit organizations and helps clients understand their organization, procedures and internal policies.