CIO Best Practices for Communicating about Disaster - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Leadership // Security & Risk Strategy
Commentary
4/8/2021
07:00 AM
Connect Directly
Twitter
RSS
50%
50%

CIO Best Practices for Communicating about Disaster

When disaster strikes, your public relations plan can be just as important as your disaster recovery plan. Here are three best practices for CIOs.

Image: Olivier Le Moal - stock.adobe.com
Image: Olivier Le Moal - stock.adobe.com

CIOs are well versed in handling the technical aspects of a disaster recovery (DR), but meeting with stakeholders, the board, the CEO, and the public when an all too visible disaster occurs is another matter. What are the best public relations practices to follow when you have to face the people?

I've often reflected on this when I reviewed my career as a CIO. During these reflections, I found there were moments that stood out because they were great successes, and others when our execution in IT could have been better.

An example of the latter was a disaster recovery and failover at a financial institution. We had to execute the plan when our area was hit by an earthquake that knocked out all power and communications. The DR and failover plan worked flawlessly. Even more importantly, no one on staff or in the company was injured in the event. Despite this, what we learned in IT was that perfect technical execution of a DR and failover was not enough.

Here is what happened: When the earthquake struck shortly after 11 am on a business day, all systems and communications went down on our corporate campus and throughout the region. We moved to battery backup as part of our disaster recovery plan. But battery backup didn't resolve every problem because regional data pipelines were down and third-party service providers were struggling to get them up.

As a financial institution, we had numerous banking branches spread throughout the area. Customers were anxious and wanted to do business, but systems were down. The incapacitated systems forced more experienced supervisors to take over, because they still remembered how to manually record transactions on a written ledger. Those manually recorded transactions could be hand-entered into the banking system later when communications were reestablished and the system was back online.

We knew that a strong public relations policy was part of any disaster recovery plan, and we had proactively created and trained everyone on a communications tree for staff members and managers to follow during a disaster. This tree provided all the details about who was authorized to speak to the public and stakeholders about a disaster event. The purpose of this PR plan was to prevent uninformed and/or inaccurate statements from getting out to the public.

If this sounds good, it was. But here is what we failed to do.

While IT’s technical disaster recovery plan was reviewed and practiced fully or in part on a quarterly basis, the PR plan never was. While all the departmental managers and employees had the disaster recovery PR procedures, and those procedures were filed in a central HR policy and procedure folder, this PR plan was seldom referred to or reviewed.

It therefore came as no surprise when a well-meaning teller at one of our branches tried to answer a customer’s questions about the system during the earthquake disaster. This teller innocently told the customer that she wasn't sure, but she had heard that all of our systems and the data center had been destroyed. This news got to the local press, which in its hurry, did not check sources. The news got out, and customers began to draw their funds out of the bank.

Suffice it to say, our management team had a lot to explain to the board and to stakeholders for damages that now went well beyond the physical damage of an earthquake. It took us several weeks to get the company back on track. The incident indelibly etched in my mind how important it was that the public relations portion of any DR plan should be given as much attention as the technical system recovery itself. 

This incident and the circumspection that it created in our management team were instrumental in generating a revised set of public relations best practices for disaster recovery events. They include:

Practice PR as Well as DR

Push for regular reviews of a point-by-point public relations plan that spells out the who, what, where, when, and why of communicating during  a disaster. Regular reviews and practice of the PR plan are essential because individuals forget the plan if it is not regularly presented to them. It’s equally noteworthy that during a disaster event, staff and management are naturally anxious. They may not be thinking clearly themselves. Having a step-by-step PR plan that details how and when to communicate, and that they can refer to and be familiar with, helps.

Develop Step-by-Step Communications Procedures

The communication steps in the public relations plan should be straightforward and easy to understand and execute. These steps should describe who communicates what and with whom during a disaster event, when communications need to be forwarded to the next level of the communications tree, and who within the organization is authorized to speak to the public.

Keep Your PR Plan Updated

Today, there are social media outlets as well as word of mouth and the traditional press. Many employees regularly use social media in a casual manner. They may not think it matters if they report that operations are disrupted in their company on social media. IT, corporate public relations/marketing, departmental managers, and upper management should be cognizant of this so they can clearly address appropriate and inappropriate uses of social media during the time of a disaster.

Related Content:

CIO Agenda for Right Now: Priorities a Year Into the Pandemic

Why and How the Chief Information Officer Role is Changing

Why IT Should Have a Separate Training Budget

How to Explain AI, ML, and NLP to Business Leaders in Plain Language

 

Mary E. Shacklett is an internationally recognized technology commentator and President of Transworld Data, a marketing and technology services firm. Prior to founding her own company, she was Vice President of Product Research and Software Development for Summit Information ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll