On Wed, 6 Oct 2021, Karl Auer wrote:
I'd add one "soft" list item:
- in your emergency plan, have one or two people nominated who are VERY
high up in the organisation. Their lines need to be open to the
decisionmakers in the emergency team(s). Their job is to put the fear
of a vengeful god into any idiot who tries to interfere with the
recovery process by e.g. demanding status reports at ten-minute
intervals.
A good idea I learned was designate separate "executive" conference room
and "incident command" conference room.
Executives are only allowed in the executive conference room. Executives
are NOT allowed in any NOC/SOC/operations areas. The executive conference
room was well stocked with coffee, snacks, TVs, monitors, paper and
easels.
An executive was anyone with a CxO, General Counsel, EVP, VP, etc. title.
You know who you are :-)
One operations person (i.e. Director of Operations or designee for shift)
would brief the executives when they wanted something, and take their
suggestions back to the incident room. The Incident Commander was
God as far as the incident, with a pre-approved emergency budget
authorization.
One compromise, we did allow one lawyer in the incident command conference
room, but it was NOT the corporate General Counsel.
