The Post-Incident Review Process
Can You Correct the Weaknesses?
By Mark Morgan
Post-incident review (PIR) is an evaluation of incident response used to identify and correct weaknesses, as well as determine
strengths and promulgate them. PIRs are normally used to support program revision. Despite its importance, PIR is one of the most
neglected components of disaster recovery planning.
Imagine you have just survived a natural disaster. After weeks of intense response and recovery efforts, fortunately you are still in business. Youre exhausted and glad it is over. But a critical task awaits. Now, while your memory is fresh, is the time to learn from what happened and use the lessons to enhance your program and plans; dont assume they will be remembered. All too often, managers fall into the common trap of waiting until later and losing the opportunity. This is the moment to exploit your bosss fear that this could happen again in order to get the support you need. The organizations best equipped to survive and thrive are those that mature beyond the normal reflex of respond, recover and continue.
Applying hard learned lessons to a total disaster management program just makes sense. Better yet, go beyond disaster management, with its site specific focus, to crisis management and look at the bigger strategic picture. There are several things you should ask yourself:
What can be learned from what happened?
How do you avoid repeating mistakes?
How do you assess what is and is not working?
What are the implications of what just happened not only on you, but on your whole corporation or industry?
Are program and plan revisions needed?
How do these questions get answered? The best way to answer these and more is to conduct a post-incident review. Here is how the process works.
The post-incident review process begins with determining who will conduct the PIR. An effective review depends heavily on the objectivity of the review team. For that reason, you should select a team of individuals that are not part of your local organization, or, if from your site, were not involved with the response to or management of the incident. (The responders and managers will have an opportunity to provide their input later in the process.) The team should provide expertise in management, human factors, communications, planning and training. The team should include specialists that are technical experts in particular areas of concern for the specific incident. Specialty areas may include disaster response and management, fire, hazardous materials, environmental impacts and regulations or hostage situations. Several members of the team should also have strong interpersonal skills to facilitate capturing information through discussions and interviews with incident managers and responders. The team should have access to an advisory group of managers and senior leadership from within the organization that experienced the incident. These advisors help guide the activities of the team toward the philosophy of the organization. Their direct experience also assists with the assessment of how management responded to the incident and what long term effects have occurred as a result of their actions or the incident itself.
Once the team is assembled, its first step is to determine goals and objectives. What do we want to get out of this effort? A primary objective is to learn from what happened so your disaster management, response and recovery programs can be enhanced. Clearly defining the areas that the team will analyze should enable the team to make specific recommendations for improvement. Key areas of consideration include:
Mobilization procedures for personnel and equipment;
Implementation plans and procedures;
Management and coordination of emergency response;
Internal and external communications;
Post-incident perception; and
The short and long term consequences of the incident.
Based upon the objectives and areas of consideration, review questions are developed. These questions will, among other things, seek to explore each important aspect of the incident. They should be applied to each available source of information on the incident; plans, procedures, records and participants (through interviews). While the questions are being developed, another part of the team will begin a records review to build a list of incident participants.
The next step is to conduct interviews. During interviews everyone involved with the actual response, management, or recovery effort should be provided the opportunity to supply input. No one person can see, hear, or know everything that happened. Often it is not practical to interview everyone, however, it is necessary to ensure an adequate cross section of those involved with the incident is covered. During the interview process it is important to obtain a series of important pieces of the puzzle.
The first piece is the basic, What happened? This information is used to build a time line of participants actions separate from those found in incident records. Another piece is the cause of the incident. Often, participants can provide valuable insight into why the incident occurred and what might be done to prevent it from happening again.
The short and long term consequences of the incident are another piece of the puzzle that can be obtained through the interview process with assistance provided by management. Participants can also impart the reactions and post-incident perceptions of the community and other organizational stakeholders. The participants perception of the strengths and weaknesses of the actions of the organization should also be documented.
Concurrent with the interviews, portions of the team will begin to analyze the implementation plans and procedures while other portions continue an in-depth records review. The records and plans review efforts will also develop time lines of what happened and what should have happened.
These documents are further surveyed to reveal strengths, weaknesses, and concerns based upon organizational standards and the disaster recovery and crisis management expertise of the reviewers. These portions of the team should develop checklists from the review questions used by the interviewers. Using a checklist with a comprehensive description of each area of consideration during plans analysis and record reviews helps keep these parts of the PIR objective and complete.
During the review phase, it is important to begin looking at the values and rationale that were applied during the planning process and by managers and responders in reaching decisions concerning response and recovery operations. This is especially important if it appears that deviations from the organization values occurred and if that variance had a direct effect on the response and recovery operations.
After the records review, plans analysis and interviews are completed, the team reconvenes to discuss and analyze their findings and develop a post-incident review report. Time lines developed by each group should be evaluated to identify points of deviation and convergence. Checking areas of divergence closely to determine where the plan was not followed will help identify candidate areas for planning or training enhancements. The individual perceptions of strengths, weaknesses, and concerns will be compared with the impressions and findings of the teams record review. The team should emerge with a clear picture of what happened, what should have happened, and what should happen next. The picture is then assembled into a report of the post-incident review. A PIR report does not have to follow any special format and should only be as detailed as necessary to be a useful tool for crisis, disaster, and emergency planners and managers. The report should include recommendations for program enhancement or other modifications. It should address the following items:
A consolidated event time line;
Incident cause and recommendations for future correction or prevention;
Mobilization process, including notification of personnel and activation of facilities (this is particularly important in reviewing the time required to respond to an incident involving hazardous materials that could pose a threat to the surrounding community);
Prevention, mitigation and response equipment performance and procedures;
Implementation and performance of disaster response and crisis management plans and procedures including strengths, weaknesses, and concerns;
Management and coordination of disaster response and crisis management actions of those involved in responding to the incident;
Community and other stockholder reactions, especially any actions initiated by community emergency managers to protect its citizens;
Post-incident perception of organization performance, as revealed during interviews, in press reports, by changes in stock price, by investor reactions, etc.;
Company, corporation, or industry consequences, especially if alternative technologies are available;
Key lessons learned listed separately, to facilitate the implementation of enhancements that may be required.
Based on the PIR, the disaster recovery and crisis management programs should be revised to improve future performance. This could lead to revisions in several areas:
If the incident had not been previously identified as a potential hazard or vulnerability in the disaster and crisis plans then it should be added, and the hazard and vulnerability analysis should be reviewed;
If the report revealed weaknesses or gaps in the organization, the disaster response and/or crisis management structure should be modified;
If the policies and procedures did not address issues that became important during the incident, policies and procedures would need to be developed for those areas;
If response went poorly due to a lack of training, exercising or planning, these areas should be enhanced or modified and personnel should be familiarized with the changes; and
In areas where participants diverged from their existing plans and response or management operations went especially well, the disaster response and/or crisis management plans should be modified to reflect the reality of success.
The post-incident review process clearly provides an opportunity to learn from disasters and crises. Applying lessons learned to your disaster and crisis management program allows you to bring your procedures into focus with reality, and more importantly, it enables you to use the incident as a means of improving your program to better prepare for future situations.
While we never hope for another disaster, if one should occur again, your response, management and recovery operations should be smoother and more successful due to your post-incident review efforts.
By remembering the past, reinforcing strengths and enacting enhancements, we will heed the warnings and not be condemned to repeat history.
Mark Morgan is a Senior Associate with the Corporate Response Group, Inc. in Washington D.C.
DR World Main Index | Return to DRJ's Homepage
Disaster Recovery Worldİ 1999, and Disaster Recovery Journalİ
1999, are copyrighted by Systems Support, Inc. All rights reserved. Reproduction
in whole or part is prohibited without the express written permission form
Systems Support, Inc.