Disasters can strike at a moment’s notice. Whether it’s a cybersecurity attack, the loss of key personnel, a pandemic, or a natural disaster, the impact to your business can be substantial. A properly drafted, up-to-date disaster preparedness plan will enable your association to act quickly and effectively during a time ridden with stress and panic. Use this checklist and the resources listed below to develop an association disaster preparedness plan.
General
- Create a list of disasters to which your association may be susceptible.
- Cybersecurity attacks
- Departure of key personnel
- Pandemic
- Natural disasters, given your location (e.g., hurricanes, tornadoes, wildfires)
- Discuss current and available coverage to respond to potential disasters with your insurance agent, and reference NAR’s guidance pertaining to insurance via the links provided under the “Resources” section below.
- Review existing association contracts to ensure force majeure or cancellation clauses are broad enough to cover all disasters; and be sure to address these issues in future agreements.
- Once completed, distribute your plan to staff, and conduct staff training and disaster drills. Update your plan annually and after any disaster, incorporating methods that worked well and enhancing methods that didn’t.
Cybersecurity Attacks
- Develop an easily-accessible list of contact information for all decision makers, vendors, and others you may need to contact in the event of a cybersecurity attack, and identify association staff responsible for these communications.
- Create a policy to provide updates to members and staff during and after the attack, and include association staff responsible for these updates.
- Work with IT professionals to develop a business continuity plan that will address how to recover association systems, if affected, and how to minimize any downtime.
- Evaluate and enhance (if necessary) your current data backup plan.
- Consider the 3-2-1 backup plan.
- Keep at least 3 copies of your data; 2 copies stored onsite but on different mediums; 1 copy stored off-site.
- Consider contracting with a data center located in a different part of the country.
- Consider the 3-2-1 backup plan.
- Evaluate and enhance (if necessary) your data security systems.
- Ensure your firewall is secure.
- Restrict external access to virtual meetings.
- Require and remind staff to update antivirus software and report suspicious emails.
- Audit the sufficiency of the infrastructure regularly.
- Routinely change passwords and require your staff to do the same.
- Immediately reach out to your insurance carrier once you become aware of an attack to discuss next steps.
Departure of Key Personnel
- Create a succession plan.
- Outline an ongoing plan to develop skills at top and mid-level positions.
- Establish a procedure for appointing an acting executive in the event of an unplanned absence of a current executive.
- Create a policy to provide updates to staff regarding the departure and any replacement, and identify staff responsible for these communications.
Pandemic or Public Health Crisis
- Develop a communications plan.
- Identify how you can quickly provide information to staff and members (e.g., internal website, Facebook page, email blasts) and an association staff member to provide these updates.
- Identify association staff to monitor applicable laws and government-issued guidance.
- Develop an easily-accessible list of contact information for all decision makers, local associations, and others that may need to be contact, and the association staff responsible for these communications.
- Develop a remote work policy.
- Outline when remote work is encouraged/required.
- Identify the platforms to be used for meetings/events.
- Outline equipment (e.g., laptops) that will be available for staff to use to work remotely.
- Ensure data security systems are adequate.
- Ensure the firewall is secure.
- Restrict external access to virtual meetings.
- Require and remind staff to update antivirus software and report suspicious emails.
- Audit the sufficiency of the infrastructure regularly.
Natural Disasters
- Inventory the supplies and resources you have on site. Include budget allocations for disasters in this inventory.
- Procure and store emergency supplies. Document what items you’ve obtained and where they are located. (Note: this could be first-aid materials, safety equipment, food, as well as additional business equipment, such as laptops).
- Develop an evacuation plan, and include a building and identify exits, utility valves and shutoffs, fire extinguishers, and location of emergency supplies.
- Develop a communications plan.
- Include a check-in policy for staff and members to report their safety (e.g., phone tree, Facebook safety check, etc.).
- Identify association staff responsible for deploying the check-in procedure when necessary.
- Develop an easily-accessible list of contact information for all decision makers, other associations, and others that may need to be contacted during a disaster (e.g., leaders, vendors). Identify association staff responsible for these communications.
- Identify an association employee to act as the central point of contact for staff and members.
- Create a policy to provide updates to members and staff (e.g., Facebook updates, website updates, etc.) during and after the disaster. Identify association staff responsible for providing updates in accordance with the policy.
- Develop a remote work policy.
- Outline when remote work is encouraged/required.
- Identify the platforms to be used for meetings/events.
- Outline equipment (e.g., laptops) that will be available for staff to use to work remotely.
- Ensure your data security systems are adequate.
- Ensure firewall is secure.
- Restrict external access to virtual meetings.
- Require and remind staff to update antivirus software and report suspicious emails.
- Audit the sufficiency of the infrastructure regularly.
- Work with IT professionals to develop a business continuity plan that will address how to recover association systems, if affected, and how to minimize any downtime.
- Evaluate and enhance (if necessary) your current data backup plan.
- Consider the 3-2-1 backup plan.
- Keep at least 3 copies of your data; 2 copies stored onsite but on different mediums; 1 copy stored off-site.
- Consider contracting with a data center located in a different part of the country.
- Consider the 3-2-1 backup plan.
- Develop a plan for fulfilling financial obligations in the event the association’s main banking facility is affected by the natural disaster (e.g., consider establishing an emergency reserve fund with a different bank). Identify an association employee responsible for ensuring financial obligations are met and to communicate with financial institutions during a disaster.
- List your key vendors and potential backup vendors if a key vendor is unavailable. Identify association staff responsible for contacting vendors if necessary.
- Identify potential outside resources.
- Outline resources available to the association: the budget, dues waiver requests to NAR, extensions to licensing deadlines, FEMA, REALTORS® Relief Foundation, United Way, etc.
- Identify association staff to notify members of available resource(s).
- Identify association staff responsible for any other mitigation tasks (e.g., filing relief applications, tracking applications, filing insurance claims, etc.).
- Immediately reach out to your insurance carrier to discuss next steps.