Many organizations successfully endure a major business disruption and then drop the ball by not looking back at the event and drawing lessons from it for the future. In today’s blog, we’ll look at how performing a Post-Incident Analysis (PIA) can help you turn a disruption into a powerful opportunity for learning and improvement.
Related on MHA Consulting: In Time of Crisis: What to Do in the First 24 Hours
In many fields, it’s routine to look back at past events to learn lessons that can be applied in the future. The Army conducts after-action reports, secret agents get debriefed, and football teams review game film.
However, in the world of Business Continuity (BC) and IT/Disaster Recovery (IT/DR), such post-event reviews are surprisingly rare.
This is regrettable because a major disruption, while definitely a pain in the neck, is also a golden learning opportunity.
Don’t you think, after a disruption wreaks havoc on your organization, that you should at least try to get something positive out of it afterward by mining the event for useful insights?
Also, a disruption can reveal many gaps and weaknesses in your readiness that really should be closed to prevent an equal or worse problem from occurring in the future. The best way to find and fix these is by a systematic analysis after the event.
For all these reasons, I strongly recommend that companies that emerge from a significant business disruption conduct a formal review of the incident after the dust settles.
Specifically, I recommend they conduct what’s known as a Post-Incident Analysis (PIA).
A PIA is the reconstruction of an incident to assess the chain of events that took place, the methods used to control the incident, and how the actions of your organization as well as those of outside entities such as emergency services and third-party vendors contributed to the eventual outcome.
A PIA is not a forum for criticizing anyone’s performance during the incident or second-guessing any actions that were taken.
Conducting a PIA can bring many benefits to an organization just emerging from a business disruption. These include:
What should the PIA meeting and report cover? The following areas should be addressed, at a minimum:
The final PIA report should be formally reviewed and approved by the appropriate parties to ensure accuracy and comprehensiveness.
Ideally, the PIA should be completed within 14 days of the incident, while memories are fresh and the needed records and source materials readily available.
All participants in the analysis process must be truthful and candid in an effort to determine operational or management areas that must be improved.
Note also that it is important to remember that the purpose of the PIA report is not to criticize or discipline any person or to second-guess any action taken during the event.
A major business disruption is as much fun as a case of the measles. However, organizations can find the silver lining in the cloud by conducting a Post-Incident Analysis.
By conducting a PIA meeting and writing a PIA report as described above, you can identify what you are doing right and also where your gaps and vulnerabilities lie.
This information can help you improve your business recovery plans and strategies moving forward, increasing the resilience of your organization and better-protecting everyone who depends on it.