Business Continuity Disaster Recovery COOP Crisis Management John Glenn CRP MBCI

October 7, 2005

 

It's in the plan


John Glenn, MBCI
Certified Business Continuity Planner


What goes into a Business Continuity plan?

I tend to lump things together into a few categories, but other planners seem to prefer more headings, more discrete sections.

Either way, all the bases need to be covered.

So, with a little help from my friends [1], here is, alphabetically, what we think every plan should include.

Caveat: This is not intended as a "list of risks" nor is it intended to be an absolute list. The category titles I use may be different elsewhere.

     

    Awareness and safety training

      Personnel must be made aware of risks and how to respond, through continuous programs, until awareness is a "way of life" for everyone. Include first aid and the use of fire extinguishers and other equipment; appoint and train Fire/Hall Wardens; establish a personnel accounting system.

     

    Compliance

      Assure compliance with government regulations, professional standards, and "good business practices."

     

    Crisis management

      This is a "catch-all" category which includes Awareness and safety training, Emergency Management interface, Image management, Internal communications, Media relations, Personnel and visitor safety & welfare, and Physical security.

     

    Declarations and standing down

      Who can declare a disaster (unit and corporate levels); who can declare the all-clear (stand-down)? What are the criteria?

     

    Emergency Management interface

      Deal with the local Emergency Management people: fire, police, rescue.

     

    Emergency response

      Immediate actions to protect life and, afterwards, to mitigate the event.

     

    Escalation procedures

      Criteria and procedure for an event localized to one functional unit; criteria and procedure if the event will affect other units; who decides to declare and to stand down.

     

    Evacuation (and in-place sheltering)

      Evacuate or stay inside; evacuation routes to avoid crowding one exit path while another is unused; primary and alternate assembly areas; personnel accounting and reporting procedures. Assembly areas protected from flying debris and out of the way of Emergency Management responders.

      For in-place (in-situ) sheltering, people understand they cannot put others at risk by insisting on opening a door and leaving the building; food that meets everyone's dietary requirements is available for an extended stay; people know who can declare an "all clear" and how it will be announced.

     

    Image management

      Public image - presented to the press, stock holders, financiers, suppliers and clients. In-house image presented to personnel at all levels.

      Never, never, never lie to anyone. Have prepared responses to the more likely incidents; e.g. work accidents and work actions.

     

    Information management

      A unique heading due to the abundance of associated risks.

      Information management includes both paper and data documents. Are measures in place to quickly retrieve sensitive documents (of all types) for reference or on demand by a government agency?

      Lock critical documents away each evening; can the organization afford to lose valuable papers or defend itself in court?

     

    Infrastructure reliability

      Check electric, plumbing, sprinkler systems, telecom, malfunction detectors, and other building services. If these are controlled by someone outside the organization, consider the providers "critical vendors" and treat them accordingly (get their Business Continuity plans). Is everything "up to code?"

     

    Internal communications

      This covers all in-house communications resources - telephone system, email, mail room, inter-department couriers. It also covers communications with personnel at business continuation and resource recovery areas and with personnel temporarily furloughed until a later stage in the restoration to business as usual. How will personnel know when to stay home and when to come to work? Will they know who to contact and how to contact people for status information?

     

    Maintaining minimum level of service

      Identify critical procedures and processes and resources to keep these functioning. These are business functions and may be continued with use of "work-around" tools (e.g. pencil and paper in lieu of computers) - how long can the work-around be used; how long will it take to catch up and return to business as usual following recovery of all resources?

     

    Maintenance procedures

      Assure the plan is maintained; update the plan whenever personnel, place (location), policies, politics (regulations, codes), procedures, process (including tools), product, providers (vendors), provisions (cafeteria, "junk food" machines), or purchasers (clients) change.

      Assure that there are spares for all critical equipment and that work-around equipment is available and up-to-date (e.g. forms). Assure that there is relevant documentation and tools to install the spares.

     

    Media relations

      Who to talk to; who to avoid. Remember that you have to live with the local media long after the Big Press returns to "wherever." NEVER LIE.

     

    Personnel and visitor safety & welfare

      Personnel and visitor safety includes evacuation maps in areas where people congregate and doors to common areas showing evacuations paths and assembly areas; training people who receive visitors that they are responsible for the visitor's welfare.

     

    Physical security

      This category includes unique identification for personnel, visitors, vendors, and both contract and casual employees; vehicle registrations, restricted parking for visitors and other guests, requirements for personnel to escort visitors. It also includes the environment both inside the building (after hours) and in public areas such as a parking lot.

      Are locks changed when critical personnel leave? Are identification cards immediately collected? Is there a mechanism for personnel with personal problems to share their fears (e.g. angry spouse or significant other threatening harm to the employee) so that Security will take appropriate measures?

     

    Policies and procedures

      There are a number of management policies and procedures which need to be included in the plan, including - but not limited to:

      • casual help - what can casuals do; what are the restrictions on their employment
      • expenses - what is covered, how it is reported, what are maximums
      • family assistance (with insurance, pay roll, transportation)
      • family visits (frequency, duration; who pays for transportation)
      • furloughs and furlough pay (how much for how long)
      • inoculations - preventive measures for influenza and other epidemic illnesses; en masse or staggered inoculations, on site or off site medics, what to do if people refuse the preventive care?
      • responder maximum hours before enforced time off (to avoid burn out)
      • responder pay (base pay plus, compensatory time)
      • travel to alternate work sites; travel allowance; who arranges transportation (employee, HR)
      • vehicles - use of organization, private, and public transportation

     

    Process definition

      Define each process - input, how it arrives; what is done (what is the process); output, where it goes, how it gets to the next "station?"

     

    Process re-engineering (if qualified and work is within scope)

      Can a process be performed more efficiently, economically; can it be eliminated?

     

    Recovery from response

      How long will it take, once all business functions are restored, to "catch up" and how will the "catching up" be accomplished? Overtime, supplemental staff?

     

    Response

      Response plans for profit centers (meeting SLAs)

      Response plans for resource units (meeting SLAs)

     

    Restoration after response effort

      Restoring profit centers to business as usual (Disaster Recovery)

      Restoring resource units to business as usual (Disaster Recovery)

     

    Risk analysis

      Rate risks according to probability of occurrence and impact on the organization if they occur.

     

    Risk avoidance and mitigation recommendations

      Based on the Risk Analysis, identify and cost ways to avoid or mitigate a risk/threat. Based on the planner's experience or on relevant Subject Matter Experts' experience, what is the best response to the risk? Avoid it? Mitigate it? Absorb it?

     

    Subject Matter Experts (SMEs)

      Identify these people in the plan and for the plan. They may not be managers, but they have the knowledge to explain about processes and they usually know one or more ways to protect the processes.

     

    Succession planning

      Even the Federal government has succession planning. Organizations need succession plans. Every response position needs both primary and alternate staffing. If the CEO is absent, who can make executive decisions? Alternates can be of a higher or lower rank.

     

    Training exercises

      Design training exercises to identify plan deficiencies while increasing responder proficiency. Increase exercise complexity gradually and involve management as participants.

      If each functional unit has its own plan, the exercises should start on the functional unit level and eventually work up to the enterprise level.

     

    Travel considerations

      Limit the number of key personnel who can travel together; have the Chief and Second in Command travel in separate vehicles (land, sea, and air). How many senior managers can the organization afford to lose in an accident?

      Assure personnel traveling outside the US and Canada know where to turn if something happens in a foreign country. Travel to an area the US State Department considers risky may deserve special training.

     

    Vendor management

      Write vendor contracts so that critical vendors must have, and provide, Business Continuity plans to assure the vendor will be able to meet its SLAs even if it encounters a disaster event. (There should be a "sanitized" version of your plan to share with your clients, financial people, regulators, and others who may need to see the essence of the plan.)

     

 

Contributors

 

 


John Glenn, MBCI, has been helping organizations of all types avoid or mitigate risks to their operations since 1994. Comments about this article, or others at http://johnglenncrp.0catch.com/ may be sent to JohnGlennCRP @ yahoo.com.

 


 

© 2005, John Glenn MBCI