Coordinated development and implementation of
program
elements can reap significant benefits.
The objectives of a preparedness program are to safeguard life, conserve property, maintain the continuity of operations, prevent environmental contamination, and protect reputations and relationships. Emergency management, business continuity, IT disaster recovery, and crisis management are common terms for programs to accomplish these objectives. Prevention and mitigation programs including occupational health and safety, fire prevention, physical/operational security, cyber/information security, environmental protection, enterprise risk management, and crisis communications also have roles achieving these objectives.
Significant investments in people, facilities, systems, technologies, equipment, supplies, intelligence, and time are required to establish and maintain preparedness programs. Coordinated development and implementation of program elements can reap significant benefits including an enhanced understanding and treatment of risks, enhanced response capabilities, better outcomes, reduced costs, and a reduction in duplicative efforts.
Organize to enhance coordination and to delineate roles and
responsibilities
Preparedness programs of large organizations are managed at
vertical levels including corporate, business units, and sites or facilities. Corporate
establishes policies and manages those incidents with the potential to cause
significant impacts to the corporation. Business units have responsibility for
aspects of crisis management and especially for the continuity of manufacturing
and service delivery integrated within their organizations. At the site or
facility level, it is common for loss prevention and risk mitigation programs to
be developed and managed by different internal experts. For example, security manages
security risks, HR and safety manage employee risks, and IT manages technology
risks.
Planning for emergencies, continuity and recovery of
operations, and the protection of the organization’s reputation and
relationship with stakeholders requires teams at all levels to work together.
Defined roles and responsibilities for planning, development, and execution of
plans and programs are essential.
Risks cross departmental boundaries and business units.
Corporate’s role to monitor risk and actively manage those with potential to
cause significant impacts is critical. While responsibility for crisis
management may rest at the executive or corporate level, effective response is
dependent on an understanding of risk, prompt incident detection, and
coordinated response between and within all levels of management.
Business continuity planning must involve senior management,
operations management, and leadership of the functions required to support
continuity and recovery of business operations. Information technology is
essential to support business operations and must be involved in business continuity
planning and incident management.
When an incident occurs, the incident management team should
be led by the available person with the best combination of knowledge, skills,
and abilities for the type of incident. All teams must work together within a
common operational framework. Defined roles and responsibilities, clear lines
of authority, protocols and procedures, and resource management during an
incident are essential.
Clear understanding of risk, contracts, and regulations should inform
priorities for, and investment in, the preparedness program
Enterprise-wide risk assessments should inform senior
management decisions about investments to achieve the goals of the preparedness
program. Assessments should identify strategic risks and inform crisis
management and communications programs. Business impact analyses should inform
decisions to protect assets and to implement business continuity strategies.
Facility risk assessments should inform decisions about accident prevention,
life safety, property protection, and environmental protection.
Customer contracts may dictate business continuity
priorities and requirements especially for critical suppliers. Regulations
dictate minimum requirements for health and safety, environmental protection,
information security, business continuity, and information technology disaster
recovery.
Coordinated planning involving corporate, business units,
and facilities informed by the risk profile and mindful of contractual and
regulatory requirements is the best means to develop overarching preparedness program
objectives and prioritize investments to achieve them.
Protocols, procedures, and technologies are essential for prompt incident response
An incident at a facility, one involving a product or
service, or disruption of supply chain, infrastructure, or technology can
quickly generate media attention, regulatory scrutiny, or customer
dissatisfaction. Word travels fast in today’s digital world reducing reaction
time.
The risk assessment should identify the types of incidents
that could occur, the stakeholders potentially affected, the issues that may
arise, strategies for communications, and spokespersons. Protocols defining the
circumstances that require notification of management at the facility, business
unit, and corporate levels must be in place. Procedures and technologies to
facilitate prompt and ongoing communications should tested and ready. Roles and
responsibilities for development and approval of communications to internal and
external stakeholders must be defined.
Plans and procedures need to be immediately accessible, easy to use, bring
together necessary resources, and initiate incident management practices
When an incident threatening life occurs, warning and
protective actions must be accomplished quickly. When operations are
interrupted, strategies must be implemented within predetermined recovery times
to avoid unacceptable losses. Communications with stakeholders is necessary to
protect relationships. Plans must provide required information in a format that
will inform decision-making during the critical initial minutes of an incident.
Today’s technologies can replace the inches thick binders
collecting dust on a bookshelf. Wireless access to networks provides one click
access to digital information that can be formatted visually to enhance
comprehension and decision-making. A click can initiate warnings,
notifications, and launch multi-user forms to conduct situation assessment,
develop action plans, and facilitate incident briefings. Mass notifications
systems can provide real-time status of employee response to evacuation or
other warnings. Multiple documents, diagrams, and resource lists can be integrated
through hyperlinks to authorized persons.
Conclusion
Coordinated planning involving all levels of the
organization provides the best opportunity to identify, evaluate, and
prioritize risk. Risk priorities along with contractual and regulatory
requirements should inform decisions about investments in a holistic preparedness
program. Coordinated planning and an integrated incident management
organization that defines roles and responsibilities within a common framework
better informs decision-making and management of response actions, and reduces miscommunication,
confusion, and blind spots.
The sum of all elements of the preparedness program is greater than the sum of the individual, disconnected pieces.
For a printable copy of this Preparedness Bulletin, go to https://bit.ly/37w3sen