Disaster Management Triangle: A Three-Sided Approach to Lab Resilience
A lab disaster can come in the form of a fire, tornado, loss of electricity, cyber attack, compromised assay components, or more. With profitability and results on the line, many pharma labs are taking steps to develop disaster prevention strategies as well as carefully thought-out response plans.
Maintaining business continuity in the wake of a disaster is best accomplished using an agile, “three-sided” approach to disaster management:
- Prevention
- Short-term recovery
- Long-term recovery
In this post, we’ll briefly discuss all three aspects and highlight specific actions your lab can take to prevent disaster and respond in an effective manner.
Prevention
Disasters tend to come with a great deal of “unknown.” For this reason, prevention plans must be detailed enough to provide direction in a number of situations, but not itemized to the point of lacking adaptability.
The most resilient organizations are known to test their plan by conducting disaster training sessions, which can help them react more efficiently in the wake of a disaster.
Other valuable actions might include:
- Preparing for a total system loss, rather than a partial failure
- Purchasing backup generators capable of running specimen fridges/freezers during a power outage
- Using cloud or virtualization technology to prevent loss of data
- Investing in offline IT backup solutions
- Purchasing fire-proof lab cabinets for storage of volatile materials
In a bid to protect their assets, as well as comply with federal laboratory regulations, a number of labs have also opted to include vendors in their “ready response teams” (such as PerkinElmer’s OneSource Relocation Services).
A solid “hope for the best, but plan for the worst” preventative strategy can help deter unnecessary damage, and allow time for implementation of a lab’s short-term disaster management response.
Short-term recovery
The immediate first step in a disaster should be ensuring the safety of employees, which includes addressing possible chemical or tissue/fluid exposures. Beyond this, the plan must include provisions for both direct and indirect damage to the laboratory itself.
Direct damage refers to compromise of physical assets like computers, instruments and assay materials, or, in the event of a cyber attack, pre-purchased data or hardware and software that must be replaced. Having a pre-built compliance/QA process in place can help ascertain the functional status of lab equipment post-disaster.
Indirect damage refers to things that impact profitability or future business practices, such as loss of use of lab equipment and subsequent delays in research or production, or compromise of protected health information (PHI). In regard to the latter, having a readily-accesible plan for data governance is a federally-mandated “must.”
A solid communication strategy – both internal and external – will also assist with business continuity. In order to ensure consistency of messaging, your lab may want to incorporate a communication framework into its overall disaster management plan, e.g., a list of media contacts and designation of individuals who will interface with external entities.
Long-term recovery
Over time, labs must continue to address functionality as well as stakeholder relationships. Employing the support of communication specialists can be especially helpful with the latter, and support long-term efforts to bring the lab back to its original functionality.
For more detail on all these strategies, please read our paper on the subject.