5.7 Endnotes 169
Chapter 5
The process of writing the After-Actions Report really begins when the
disaster is declared. Documents are generated, incidents occur, problems are
solved, and lessons are learned. All become part of the After-Actions
Report. These elements must be recorded and maintained as they happen.
5.6 Chapter Summary
This chapter has explained the disaster recovery phase. We started by dis-
cussing various disaster recovery legal issues and by providing statutory
examples. Next, we explained the necessity for organizations to plan meth-
ods of handling the emergency and the insurance considerations. These
considerations start with the identification of potential disaster status and
the involvement of emergency services, both state and FEMA. We talked
about the importance of assessing the business impact of an emergency
and managing a secure recovery at the recovery site or at one or more alter-
nate sites.
Disaster recovery team management actions and the process of notifica-
tion and reporting during the disaster recovery phase were also covered in
this chapter. Actions discussed included mobilizing the disaster recovery
team, notifying management and key employees, handling the notification
of employees’ families, handling media during the disaster recovery phase,
and maintaining an event log during the disaster recovery phase.
After recovery, the importance of creating a disaster recovery phase
report was stressed. FEMA and state interactions, including interaction
with state and local emergency services, were also covered. Finally, we
explained the various other recovery issues that organizations must contend
with, such as the process of internal and external communication to every-
one dealing with the organization. Once the disaster recovery phase has
concluded, organizations must contend with business recovery, the topic of
our next chapter.
5.7 Endnotes
1. Schreider, Tari. White Paper: “The Legal Issues of Disaster Recov-
ery Planning.” Disaster Recovery World IV, vol. 9, no. 2 (1996):
233–235.
2. Parr v. Security Nat. Bank, 1984 OK CIV APP 16 680 P.2d 648,
Case Number: 59733. Decided: 03/13/1984. Retrieved from
170 5.7 Endnotes
http://caselaw.lp.findlaw.com/scripts/getcase.pl?court=ok&vol=/
appeals/1984/&invol=9764 on March 11, 2005.
3. Federal Financial Institutions Examination Council, Information
Technology Examination Handbook, vols. 1–8 . Washington, DC:
FFIEC, August 2004. http://www.fdic.gov/regulations/informa-
tion/information/FFIEC.html.
4. Corpus Juris Secundum, vol. 19, section 491.
Get Business Continuity and Disaster Recovery for InfoSec Managers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
