As Easy as APIE: This Simple Disaster-Response Model Is Highly Effective

As Easy as APIE: This Simple Disaster-Response Model Is Highly Effective

Everyone who works in business continuity should know about APIE. This simple disaster-response model—the letters stand for Assess, Plan, Implement, and Evaluate—offers serious benefits to any organization trying to gain control of a disaster and manage its way back to safe and productive operations.

Related on BCMMETRICS: It Shouldn’t Be a Scavenger Hunt: Accessing Critical Recovery Information in Crisis

Introducing APIE

In case you missed it, MHA Consulting recently published an ebook entitled Strong Language: The MHA Glossary of Essential Business Continuity Terminology (free download with registration). In it we define APIE this way: “Widely used disaster-response process, pronounced ‘ay-pie.’ Stands for: Assess the situation, Plan your response, Implement your response, and Evaluate your performance.”

It might be true that APIE is widely used; however, in my view it’s not widely used enough.

Floundering in the Face of Disaster

One reason I wish more companies employed APIE is that I see way too many floundering when they are faced with a disaster. This is true even of organizations that are well-trained and have good business continuity management (BCM) programs. Most continuity planners and crisis managers do not address crises in a systematic fashion, whether the incident is small or large.

The result is an inconsistent, disjointed approach. Sometimes the situation approaches the level of a nightmare.

Organizations that attempt to muddle through crises make many mistakes. Two of the most common are: 1) They fail to establish who is in charge, which can lead to passivity, confusion, and conflict. 2) Responders focus on tactical problems and never step back to look at the situation strategically. (Why is this bad? Imagine a house that has been damaged by an earthquake. The tactically minded individual starts doing things like picking up flowers and putting them back in their vase. They never even consider the possibility that the house might collapse. Obviously, being fixated on tactical problems in this way can create high exposure to potentially devastating strategic risks.)

APIE Turns Chaos into “Organized Chaos”

Another reason I wish more companies used APIE is that the model has an almost magical ability to help companies turn the chaos of the typical disaster response into the “organized chaos” that puts them on their way to getting the situation under control and production back on track.

(By the way, “organized chaos” is also in MHA’s new glossary. We define is as a “Situation in which the confusion brought on by a crisis is prevented from penetrating below the surface by an underlying structure and competence.” If you haven’t yet snagged your free copy of Strong Language, I invite you to download one.)

How APIE Works

Let’s look at how APIE works in practice, using the scenario of an organization that has experienced a power outage at a critical facility. As a reminder, the model’s four steps are:

1. Assess the situation.

2. Plan your response.

3. Implement your response.

4. Evaluate your performance.

We’ll take it step-by-step.

Step 1: Assess the situation.

Under APIE, when the crisis management team gets a call about the power outage, their first response is to do an assessment. What is the current situation? What is the current situation not? What is the strategic risk to the organization? The team collects as much information as it can. (Has a key production line come to a halt? Is there an urgent need for new product to be produced and shipped to a critical customer?) The team won’t necessarily learn everything it needs to know right away. Gathering intelligence is an ongoing process. For relatively straightforward situations, such as a power outage, the assessment phase can usually be done quickly. For a complex situation like a cyberattack, assessing the risks can be hard and take time.

Step 2: Plan your response.

Based on the information gathered in Step 1, the team moves on to planning its response. It should set three to five strategic objectives then delegate responsibility for achieving these objectives to people closer to the front lines. Examples of possible strategic objectives are, minimize the impact of the power outage on production, ensure we can continue to meet payroll, and communicate effectively with our stakeholders to minimize the damage the

outage causes to our brand and reputation. The subgroups assigned to meet each strategic goal are responsible for devising a tactical response that will bring success. Also in this step, the crisis management team should create a simple incident action plan (IAP) that gathers such information as the known details of the situation, the risks to the organization, the strategic objectives, and what the response team is going to try to accomplish in the next operation period. (Operation periods typically start short, such as four hours, and get longer as the situation becomes less acute.)

Step 3: Implement your response.

The various teams implement the tactical plans they devised in Step 2. The crisis team itself should play a minimal role in implementing tactical-level plans. A common mistake is for the crisis team to be too quick to dive into solving tactical problems. This happens partly because crisis team members tend to be activists by nature. However, it is important for the crisis team to maintain a strategic orientation so they can be alert to the situation’s larger risks. In implementing their plans, the subgroups should try to obtain meaningful results within the current operational period. Their efforts should be scaled to this end.

Step 4: Evaluate your performance.

At the end of each operational period, the crisis team evaluates the results of the responses implemented in Step 3. It confirms what actions were taken and measures their effects. The team then returns to the beginning and cycles through the APIE steps all over again, assessing the state of affairs as it now stands. In this way the organization can methodically manage down the crisis and return to productive operations in the shortest amount of time possible.

APIE Brings Calm to the Crisis Center

APIE is a simple but effective model for responding to disasters. The name is an acronym that stands for Assess the situation, Plan your response, Implement your response, and Evaluate your response.

APIE helps organizations avoid falling into such common crisis management pitfalls as not identifying a leader, ignoring strategic risks, failing to delegate, and fixing on tactical-level problems.

By imposing order on the crisis management process, APIE brings a welcome calm to the crisis center and has the ability to turn chaos into organized chaos. And in most cases, it is only a few short steps from organized chaos to a return to productive operations. In my experience, APIE is easy as pie and works like a dream.

Further Reading

For more information on crisis management and other hot topics in BCM and IT/disaster recovery, check out these recent posts from BCMMETRICS and MHA Consulting:

Michael Herrera is the Chief Executive Officer (CEO) of MHA. In his role, Michael provides global leadership to the entire set of industry practices and horizontal capabilities within MHA. Under his leadership, MHA has become a leading provider of Business Continuity and Disaster Recovery services to organizations on a global level. He is also the founder of BCMMETRICS, a leading cloud based tool designed to assess business continuity compliance and residual risk. Michael is a well-known and sought after speaker on Business Continuity issues at local and national contingency planner chapter meetings and conferences. Prior to founding MHA, he was a Regional VP for Bank of America, where he was responsible for Business Continuity across the southwest region.

Business continuity consulting for today’s leading companies.

Follow Us

© 2024 · MHA Consulting. All Rights Reserved.

Learn from the Best

Get insights from almost 30 years of BCM experience straight to your inbox.

We won’t spam or give your email away.

  • Who We Are
  • What We Do
  • Blog